Windows Analysis Report
blq.exe

Overview

General Information

Sample name: blq.exe
Analysis ID: 1580529
MD5: 6153a06b74491bacb664bf142b598c69
SHA1: dade36a11a568e3b0b5f3e7fd44b566182702534
SHA256: 0b510380e52b3c97e7a2f227eb9ecda6a194885da74fac6630f1eb7d5ee6091f
Tags: DarkComet, exe, user-sicehicetf

Detection

Gh0stCringe, RunningRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gh0stCringe
Yara detected RunningRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks if browser processes are running
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Uses dynamic DNS services
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • blq.exe (PID: 7560 cmdline: "C:\Users\user\Desktop\blq.exe" MD5: 6153A06B74491BACB664BF142B598C69)
    • ._cache_blq.exe (PID: 7616 cmdline: "C:\Users\user\Desktop\._cache_blq.exe" MD5: 2C8E6B45F0113B45F9187B60DF114FEF)
      • cmd.exe (PID: 7804 cmdline: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 7848 cmdline: ping 127.0.0.1 -n 1 MD5: B3624DD758CCECF93A1226CEF252CA12)
    • Synaptics.exe (PID: 7644 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 64C0A5B375F1AB0C44808320D5AF9E84)
      • WerFault.exe (PID: 7032 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7764 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7636 cmdline: C:\Windows\SysWOW64\svchost.exe -k "encvbk" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
  • svchost.exe (PID: 7664 cmdline: C:\Windows\SysWOW64\svchost.exe -k "encvbk" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
    • encvbk.exe (PID: 8056 cmdline: C:\Windows\system32\encvbk.exe "c:\program files (x86)\6795234.dll",MainThread MD5: 889B99C52A60DD49227C5E485A016679)
  • EXCEL.EXE (PID: 7704 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 1900 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • svchost.exe (PID: 7984 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Synaptics.exe (PID: 7636 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 64C0A5B375F1AB0C44808320D5AF9E84)
  • svchost.exe (PID: 6808 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 6904 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6952 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7356 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7572 cmdline: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name: Running RAT
Description: NJCCIC characterizes RunningRAT as a remote access trojan (RAT) that operates using two DLL files. When the trojan is loaded onto a system, it executes the first DLL. This is used to disable anti-malware solutions, unpack and execute the main RAT DLL, and gain persistence. The trojan installs a Windows batch file dx.bat that attempts to kill the daumcleaner.exe task, a Korean security program. The file then attempts to remove itself. Once the second DLL is loaded into memory, the first DLL overwrites the IP address for the control server to change the address the trojan communicates with. The second DLL gathers information about the victim's system, including its operating system and driver and processor information. The RAT can log user keystrokes, copy the clipboard, delete files, compress files, clear event logs, shut down the machine, and more. The second DLL also uses several anti-debugging techniques.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.runningrat
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
blq.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security
blq.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
blq.exe | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0xbd1c4:$s1: %s%d.dll
  • 0xbd2d0:$s2: /c ping 127.0.0.1 -n
  • 0xbd2ea:$s3: del /f/q "%s"
  • 0xbd0dc:$s4: GUpdate
  • 0xbd2a0:$s5: %s\%d.bak
  • 0xbd1d9:$s6: "%s",MainThread
  • 0xbd1ec:$s7: rundll32.exe
  • 0xb769d:$rev1: emankcosteg
  • 0xb78c2:$rev3: daerhTniaM,"s%" s%
  • 0xb7c16:$rev4: s% etadpUllD,"s%" 23lldnuR
  • 0xb7d43:$rev5: ---DNE yromeMmorFdaoL
  • 0xb7d38:$rev6: eMnigulP
  • 0xb78b3:$rev7: exe.23lldnuR\
  • 0xb7bbc:$rev8: dnammoc\nepo\llehs\
  • 0xb7bf3:$rev8: dnammoc\nepo\llehs\
  • 0xb7d9d:$rev9: "s%" k- exe.tsohcvs\23metsyS\%%tooRmetsyS%
  • 0xb7643:$rev10: emanybtsohteg
  • 0xb7671:$rev11: tekcosesolc
  • 0xb767e:$rev12: tpokcostes
  • 0xb76a9:$rev13: emantsohteg
Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\._cache_blq.exe | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security
C:\Users\user\Desktop\._cache_blq.exe | GoldDragon_RunningRAT | Detects Running RAT from Gold Dragon report | Florian Roth
  • 0x402f:$a1: emanybtsohteg
  • 0x405d:$a2: tekcosesolc
  • 0x4089:$a3: emankcosteg
  • 0x4095:$a4: emantsohteg
  • 0x406a:$a5: tpokcostes
  • 0x400e:$a6: putratSASW
C:\Users\user\Desktop\._cache_blq.exe | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x9bb0:$s1: %s%d.dll
  • 0x9cbc:$s2: /c ping 127.0.0.1 -n
  • 0x9cd6:$s3: del /f/q "%s"
  • 0x9ac8:$s4: GUpdate
  • 0x9c8c:$s5: %s\%d.bak
  • 0x9bc5:$s6: "%s",MainThread
  • 0x9bd8:$s7: rundll32.exe
  • 0x4089:$rev1: emankcosteg
  • 0x42ae:$rev3: daerhTniaM,"s%" s%
  • 0x4602:$rev4: s% etadpUllD,"s%" 23lldnuR
  • 0x472f:$rev5: ---DNE yromeMmorFdaoL
  • 0x4724:$rev6: eMnigulP
  • 0x429f:$rev7: exe.23lldnuR\
  • 0x45a8:$rev8: dnammoc\nepo\llehs\
  • 0x45df:$rev8: dnammoc\nepo\llehs\
  • 0x4789:$rev9: "s%" k- exe.tsohcvs\23metsyS\%%tooRmetsyS%
  • 0x402f:$rev10: emanybtsohteg
  • 0x405d:$rev11: tekcosesolc
  • 0x406a:$rev12: tpokcostes
  • 0x4095:$rev13: emantsohteg
C:\Program Files (x86)\6795234.dll | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
C:\Program Files (x86)\6795234.dll | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5534:$s4: GUpdate
  • 0x514c:$s5: %s\%d.bak
  • 0x55e3:$s6: "%s",MainThread
  • 0x50ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x515c:$v2_2: LoadFromMemory END---
  • 0x51d0:$v2_3: hmProxy!= NULL
  • 0x5284:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x5610:$v2_6: %d*%sMHz
Source | Rule | Description | Author | Strings
00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security
00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security
Source | Rule | Description | Author | Strings
10.2.encvbk.exe.10000000.1.unpack | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
10.2.encvbk.exe.10000000.1.unpack | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5534:$s4: GUpdate
  • 0x514c:$s5: %s\%d.bak
  • 0x55e3:$s6: "%s",MainThread
  • 0x50ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x515c:$v2_2: LoadFromMemory END---
  • 0x51d0:$v2_3: hmProxy!= NULL
  • 0x5284:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x5610:$v2_6: %d*%sMHz
1.2.._cache_blq.exe.4032a0.1.unpack | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
1.2.._cache_blq.exe.4032a0.1.unpack | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5910:$s1: %s%d.dll
  • 0x5a1c:$s2: /c ping 127.0.0.1 -n
  • 0x5a36:$s3: del /f/q "%s"
  • 0x4934:$s4: GUpdate
  • 0x5828:$s4: GUpdate
  • 0x454c:$s5: %s\%d.bak
  • 0x59ec:$s5: %s\%d.bak
  • 0x49e3:$s6: "%s",MainThread
  • 0x5925:$s6: "%s",MainThread
  • 0x5938:$s7: rundll32.exe
  • 0x44ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x455c:$v2_2: LoadFromMemory END---
  • 0x45d0:$v2_3: hmProxy!= NULL
  • 0x4684:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x4a10:$v2_6: %d*%sMHz
1.0.._cache_blq.exe.400000.0.unpack | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\blq.exe, ProcessId: 7560, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7644, TargetFilename: C:\Users\user\AppData\Local\Temp\OslfsL4J.xlsm
Source: Process started; Author: vburov; Data: Command: C:\Windows\SysWOW64\svchost.exe -k "encvbk", CommandLine: C:\Windows\SysWOW64\svchost.exe -k "encvbk", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe -k "encvbk", ProcessId: 7636, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T22:11:10.644957+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 69.42.215.252 | 80 | TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-24T22:11:04.821651+010028148971Malware Command and Control Activity Detected192.168.2.449733103.36.221.1958790TCP

AV Detection

Source: blq.exe; Avira: detected
Source: http://xred.site50.net/syn/SUpdate.iniH)); Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini; Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rar; Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dlp; Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll; Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\._cache_blq.exe; Avira: detection malicious, Label: TR/AD.Farfli.qqkhu
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Program Files (x86)\6795234.dll; Avira: detection malicious, Label: BDS/Backdoor.Gen7
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: TR/AD.Farfli.qqkhu
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: blq.exe; Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp; ReversingLabs: Detection: 100%
Source: C:\ProgramData\Synaptics\Synaptics.exe; ReversingLabs: Detection: 92%
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1; ReversingLabs: Detection: 100%
Source: blq.exe; ReversingLabs: Detection: 92%
Source: Submited Sample; Integrated Neural Analysis Model: Matched 97.9% probability
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp; Joe Sandbox ML: detected
Source: C:\Program Files (x86)\6795234.dll; Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe; Joe Sandbox ML: detected
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1; Joe Sandbox ML: detected
Source: blq.exe; Joe Sandbox ML: detected
Source: blq.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: Binary string: rundll32.pdb source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: Binary string: rundll32.pdbGCTL source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: blq.exe, 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: [autorun]
                          Source: blq.exe, 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: autorun.inf
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [autorun]
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: autorun.inf
                          Source: blq.exe Binary or memory string: [autorun]
                          Source: blq.exe Binary or memory string: autorun.inf
                          Source: RCXAFD2.tmp.0.dr Binary or memory string: [autorun]
                          Source: RCXAFD2.tmp.0.dr Binary or memory string: autorun.inf
                          Source: Synaptics.exe.0.dr Binary or memory string: [autorun]
                          Source: Synaptics.exe.0.dr Binary or memory string: autorun.inf
                          Source: ~$cache1.3.dr Binary or memory string: [autorun]
                          Source: ~$cache1.3.dr Binary or memory string: autorun.inf
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData

                          Networking

                          Source: Network traffic Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49740 -> 69.42.215.252:80
                          Source: Network traffic Suricata IDS: 2814897 - Severity 1 - ETPRO MALWARE W32.YoungLotus Checkin : 192.168.2.4:49733 -> 103.36.221.195:8790
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49735 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49734 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49745 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49744 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49759 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49758 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49781 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49787 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49808 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49765 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49796 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49812 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49815 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49822 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49838 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49852 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49797 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49780 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49862 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49861 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49872 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49888 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49807 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49889 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49827 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49764 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49823 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49841 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49843 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49784 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49829 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49876 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49879 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49853 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49839 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49873 -> 142.250.181.14:443
                          Source: Malware configuration extractor URLs: xred.mooo.com
                          Source: unknown DNS query: name: freedns.afraid.org
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: global traffic TCP traffic: 192.168.2.4:49733 -> 103.36.221.195:8790
                          Source: Joe Sandbox View IP Address: 69.42.215.252
                          Source: Joe Sandbox View ASN Name: CHINA169-BJChinaUnicomBeijingProvinceNetworkCN
                          Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknown TCP traffic detected without corresponding DNS query: 103.36.221.195
                          Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_1000152B select,memset,recv,4_2_1000152B
                          Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
                          Source: global traffic | DNS traffic detected: DNS query: docs.google.com
                          Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
                          Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
                          Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4hScLdnGCuYWqVYuk5Mf1tbrmYb90l-I7PFbRASJwmx8IGzxOKeq15URZwelwNMBtnR3CJgfMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 24 Dec 2024 21:11:13 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8BJ9zOTNVeEpSCIbFV21XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=OM-dp6bhkhtg79xklAD4xIA-z7FHNk5sgiYtwe9uQU4WfMFr402V9JwNDcq_k6qFgzr7UHEiUo4sL27axlfLKU20pwx-trh7K4VC0SV1oqLt7LhN0lgJgXY86j07HEtnK1kbCobYTpp6nJAQW0XvlryROAv_MUj0QkOxSMMfa_aW60phebG1418L; expires=Wed, 25-Jun-2025 21:11:13 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978R
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978~
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH))
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/:
                          Source: Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/d
                          Source: Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/l
                          Source: Synaptics.exe, 00000003.00000002.2973653259.000000001553E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964528186.000000001047E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2956086425.000000000D87E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2976837212.00000000180FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3028509920.000000002B33E000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0;
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2956858218.000000000E27E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964889949.00000000106FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962865371.000000000F07E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2969650789.00000000134BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2970000995.000000001373E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2961258759.000000000E932000.00000004.00000020.00020000.00000000.sdmp, blq.exe, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2961258759.000000000E932000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAN
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAb
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB-
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB/
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBB
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBtnR3
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC:
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCL
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD1
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD3H3
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDegw/
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene)
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet-
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDf
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD~
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadER_
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEc
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEt
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE~
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF4
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFC
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFO
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFr402A
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG-
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHL
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI7u
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIa
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIf
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI~
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ.
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ:
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJRT
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJj
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJt
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKH
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKO
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL-
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLName8.
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLZDGU
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMs
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN;
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadName
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOGOUT
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOt7
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP.
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQO
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR-
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR;
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS)
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSI
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSan
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyot
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaders
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderve
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderver
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadesolv
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadesolvD
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetKr;
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlef
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenS
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenV
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenX
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetleni
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenx
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf:
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg)
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg=
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgH
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.GH
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhi;rk
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh~
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi.
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadib
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadins
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadit
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiveUn
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyku
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.$
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.3
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor?
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyorc
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyorj
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyorn
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyors
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj-
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj6r6mu
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjBH
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjecti
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjecti4
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjectiO
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjectiy
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjectiz.
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk-
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk8w
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl)
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle3pc
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle_r
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlelog
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleme
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniyB
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniyH
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniyQ
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniyu
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllemM/
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllemP
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlleme
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm/
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmO
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmain
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv5
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw/
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwv?
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxO
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxred
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..&
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..C
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..e
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..l/
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz(
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz;
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzM
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadza
                          Source: Synaptics.exe, 00000003.00000002.3039603496.00000000321FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3003659996.00000000207FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3001082793.000000001E1BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008371816.000000002287E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3001340079.000000001E57E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3046708537.0000000033EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2982962884.000000001CD3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3050580435.0000000035F3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2950241201.00000000093AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2941655126.000000000571E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3003057522.000000001FF3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3036562099.000000003017E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964057797.000000000FF7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2939542815.000000000440E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2950489416.000000000977E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009545460.00000000234FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2979292156.000000001A17E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3051952051.00000000367FE000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000003.00000002.2967064575.0000000011BBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3053136487.000000003733E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~-
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~B
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~~
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, ~DF601ED631F8CE1B03.TMP.5.dr, Synaptics.exe.0.dr, ~$cache1.3.dr String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007692000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007678000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, ~DF601ED631F8CE1B03.TMP.5.dr, Synaptics.exe.0.dr, ~$cache1.3.dr String found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49735 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49734 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49747 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49758 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49759 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49766 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49767 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49780 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49781 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49784 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49785 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49786 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49787 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49797 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49808 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49807 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49812 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49822 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49828 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49829 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49830 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49838 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49844 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49852 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49853 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49861 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49862 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49873 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49872 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49877 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49878 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49889 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49888 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49897 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49899 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49917 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49918 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49927 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49929 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49926 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49944 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49943 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49962 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49963 version: TLS 1.2

                          E-Banking Fraud

                          Source: C:\Windows\SysWOW64\svchost.exe Code function: strlen,memset,lstrlenA,strstr,lstrcpyA,CreateProcessA, Applications\iexplore.exe\shell\open\command 4_2_10002BC3

                          System Summary

                          Source: blq.exe, type: SAMPLE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\Program Files (x86)\6795234.dll, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5CF1 NtQueryInformationToken,NtQueryInformationToken,RtlNtStatusToDosError,10_2_00DD5CF1
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD40B1 NtQuerySystemInformation,10_2_00DD40B1
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5D6A NtOpenProcessToken,RtlNtStatusToDosError,NtClose,QueryActCtxW,NtOpenProcessToken,NtSetInformationToken,NtClose,10_2_00DD5D6A
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5911 PathIsRelativeW,RtlSetSearchPathMode,SearchPathW,GetFileAttributesW,CreateActCtxW,CreateActCtxWWorker,CreateActCtxWWorker,CreateActCtxWWorker,GetModuleHandleW,CreateActCtxWWorker,ActivateActCtx,SetWindowLongW,GetWindowLongW,GetWindow,memset,GetClassNameW,CompareStringW,GetWindow,GetWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,10_2_00DD5911
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD4136 HeapSetInformation,NtSetInformationProcess,AttachConsole,LocalAlloc,LoadLibraryExW,GetProcAddress,SetErrorMode,DestroyWindow,FreeLibrary,LocalFree,DeactivateActCtx,ReleaseActCtx,FreeLibrary,LocalFree,FreeConsole,ExitProcess,10_2_00DD4136
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001F48 strlen,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,4_2_10001F48
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001FBD LoadLibraryA,GetProcAddress,memset,memset,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,WTSGetActiveConsoleSessionId,SetTokenInformation,CreateProcessAsUserA,CloseHandle,CloseHandle,FreeLibrary,4_2_10001FBD
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_100025A2 ExitWindowsEx,4_2_100025A2
                          Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_054ED50B 3_2_054ED50B
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: blq.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: blq.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCXAFD2.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: blq.exe Binary or memory string: OriginalFileName vs blq.exe
                          Source: blq.exe Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe Binary or memory string: OriginalFilenameb! vs blq.exe
                          Source: ._cache_blq.exe.0.dr Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: blq.exe, type: SAMPLE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPEDMatched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\Program Files (x86)\6795234.dll, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: classification engineClassification label: mal100.bank.troj.expl.evad.winEXE@36/50@17/5
                          Source: C:\Windows\SysWOW64\encvbk.exe, Code function: 10_2_00DD3C66 LoadLibraryExW,GetLastError,FormatMessageW,RtlImageNtHeader,SetProcessMitigationPolicy,10_2_00DD3C66
                          Source: C:\Windows\SysWOW64\svchost.exe, Code function: OpenSCManagerA,_local_unwind2,CreateServiceA,GetLastError,OpenServiceA,StartServiceA,ChangeServiceConfig2A,ChangeServiceConfig2A,wsprintfA,strlen,StartServiceA,4_2_10001B5B
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Code function: 1_2_00401794 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,Process32First,Process32Next,lstrcmpiA,CloseHandle,FreeLibrary,1_2_00401794
                          Source: C:\Windows\SysWOW64\encvbk.exe, Code function: 10_2_00DD205A CoCreateInstance,10_2_00DD205A
                          Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4_2_10001A43 OpenSCManagerA,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,QueryServiceStatus,Sleep,CloseServiceHandle,CloseServiceHandle,4_2_10001A43
                          Source: C:\Users\user\Desktop\._cache_blq.exe, File created: C:\Program Files (x86)\6795234.dll
                          Source: C:\Users\user\Desktop\blq.exe, File created: C:\Users\user\Desktop\._cache_blq.exe
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:120:WilError_03
                          Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7644
                          Source: C:\Windows\SysWOW64\encvbk.exe, Mutant created: \Sessions\1\BaseNamedObjects\103.36.221.195:8790:encvbk
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, File created: C:\Users\user\AppData\Local\Temp\OslfsL4J.xlsm
                          Source: Yara match, File source: blq.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED
                          Source: C:\Windows\SysWOW64\encvbk.exe, Command line argument: WLDP.DLL, 10_2_00DD4136
                          Source: C:\Windows\SysWOW64\encvbk.exe, Command line argument: localserver, 10_2_00DD4136
                          Source: C:\Users\user\Desktop\blq.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\Users\user\Desktop\blq.exe, File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: blq.exe, ReversingLabs: Detection: 92%
                          Source: C:\Users\user\Desktop\blq.exe, File read: C:\Users\user\Desktop\blq.exe
                          Source: unknown, Process created: C:\Users\user\Desktop\blq.exe "C:\Users\user\Desktop\blq.exe"
                          Source: C:\Users\user\Desktop\blq.exe, Process created: C:\Users\user\Desktop\._cache_blq.exe "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: unknown, Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k "encvbk"
                          Source: C:\Users\user\Desktop\blq.exe, Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: unknown, Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k "encvbk"
                          Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                          Source: C:\Windows\SysWOW64\svchost.exe, Process created: C:\Windows\SysWOW64\encvbk.exe C:\Windows\system32\encvbk.exe "c:\program files (x86)\6795234.dll",MainThread
                          Source: unknown, Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process created: unknown unknown
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process created: unknown unknown
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process created: unknown unknown
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: version.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: wininet.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: wsock32.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: netapi32.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: textshaping.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: twext.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: slc.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sppc.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: policymanager.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: msvcp110_win.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: ntshrui.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: cscapi.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: shacct.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: twinapi.appcore.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: idstore.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: samlib.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: starttiledata.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: acppage.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sfc.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: msi.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: aepic.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sfc_os.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: wlidprov.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: samcli.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: provsvc.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: twext.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: ntshrui.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: starttiledata.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: acppage.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sfc.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: msi.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: aepic.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\blq.exe, Section loaded: sfc_os.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: mfc42.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: wininet.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: slc.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: sppc.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: apphelp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: version.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: wininet.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: wsock32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: netapi32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: uxtheme.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: windows.storage.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: kernel.appcore.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: textshaping.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: profapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: propsys.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: ntmarta.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: iertutil.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: sspicli.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: ondemandconnroutehelper.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: winhttp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: iphlpapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: mswsock.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: winnsi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: urlmon.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: srvcli.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: netutils.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: dnsapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: rasadhlp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: fwpuclnt.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: schannel.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: napinsp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: pnrpnsp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: wshbth.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: nlaapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: winrnr.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: mskeyprotect.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: ntasn1.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: msasn1.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: dpapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: cryptsp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: rsaenh.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: cryptbase.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: gpapi.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: ncrypt.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Section loaded: ncryptsslp.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: wininet.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: wldp.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: ntmarta.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: userenv.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: profapi.dll
                          Source: C:\Windows\SysWOW64\svchost.exe, Section loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\PING.EXE, Section loaded: iphlpapi.dll
                          Source: C:\Windows\SysWOW64\PING.EXE, Section loaded: winnsi.dll
                          Source: C:\Windows\SysWOW64\PING.EXE, Section loaded: mswsock.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: qmgr.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: bitsperf.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: firewallapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: esent.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: dnsapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: iphlpapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: fwbase.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: flightsettings.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: netprofm.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: npmproxy.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: bitsigd.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: upnp.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: ssdpapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: urlmon.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: iertutil.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: srvcli.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: appxdeploymentclient.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: cryptbase.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: wsmauto.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: miutils.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: wsmsvc.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: dsrole.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: pcwum.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: mi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: wkscli.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: msv1_0.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: ntlmshared.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: cryptdll.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: webio.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: mswsock.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: winnsi.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: rasadhlp.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: rmclient.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: usermgrcli.dll
                          Source: C:\Windows\System32\svchost.exe, Section loaded: execmodelclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wininet.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: mswsock.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: napinsp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: pnrpnsp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wshbth.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: nlaapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: winrnr.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: devenum.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: winmm.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: devobj.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msasn1.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msdmo.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: avicap32.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msvfw32.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: printworkflowservice.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandbrokerclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\blq.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                          Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\l6DX2RD.ini
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: Binary string: rundll32.pdb source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: Binary string: rundll32.pdbGCTL source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: encvbk.exe.4.dr Static PE information: 0x6A8F1B39 [Wed Aug 26 16:58:33 2026 UTC]
                          Source: C:\Users\user\Desktop\._cache_blq.exe Code function: 1_2_00401B6B LoadLibraryA,GetProcAddress,__p__pgmptr,sprintf,GetCurrentProcess,SetPriorityClass,GetCurrentThread,SetThreadPriority,ShellExecuteA,1_2_00401B6B
                          Source: encvbk.exe.4.dr Static PE information: section name: .didat
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_054E000C push 10005A16h; retf 3_2_054E005D
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10004C68 push eax; ret 4_2_10004C86
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10004CA0 push eax; ret 4_2_10004CCE
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD6883 push ecx; ret 10_2_00DD6896
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD682D push ecx; ret 10_2_00DD6840

                          Persistence and Installation Behavior

                          Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1
                          Source: C:\Windows\SysWOW64\svchost.exe Executable created and started: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\ProgramData\Synaptics\RCXAFD2.tmp
                          Source: C:\Users\user\Desktop\._cache_blq.exe File created: C:\Program Files (x86)\6795234.dll
                          Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\Users\user\Desktop\._cache_blq.exe
                          Source: C:\Users\user\Desktop\._cache_blq.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\encvbk
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001A43 OpenSCManagerA,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,QueryServiceStatus,Sleep,CloseServiceHandle,CloseServiceHandle,4_2_10001A43
                          Source: C:\Users\user\Desktop\blq.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Users\user\Desktop\._cache_blq.exe Process created: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Users\user\Desktop\._cache_blq.exe Code function: 1_2_00402400 IsIconic,1_2_00402400
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_1000265E OpenEventLogA,ClearEventLogA,CloseEventLog,4_2_1000265E
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_10003E6B LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,4_2_10003E6B
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                          Source: C:\Users\user\Desktop\blq.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\Desktop\._cache_blq.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\encvbk.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\._cache_blq.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-373
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: C:\Windows\SysWOW64\svchost.exeWindow / User API: threadDelayed 536
                          Source: C:\Windows\SysWOW64\svchost.exeWindow / User API: threadDelayed 9462
                          Source: C:\Windows\SysWOW64\encvbk.exeWindow / User API: threadDelayed 1471
                          Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 4023
                          Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 5938
                          Source: C:\Windows\SysWOW64\svchost.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_4-1591
                          Source: C:\Users\user\Desktop\._cache_blq.exeDropped PE file which has not been started: C:\Program Files (x86)\6795234.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8104Thread sleep count: 86 > 30
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8104Thread sleep time: -5160000s >= -30000s
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6784Thread sleep time: -60000s >= -30000s
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep count: 536 > 30
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep time: -536000s >= -30000s
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep count: 9462 > 30
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep time: -9462000s >= -30000s
                          Source: C:\Windows\System32\svchost.exe TID: 8008Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\SysWOW64\encvbk.exe TID: 8080Thread sleep count: 1471 > 30
                          Source: C:\Windows\SysWOW64\encvbk.exe TID: 8080Thread sleep time: -735500s >= -30000s
                          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\splwow64.exeLast function: Thread delayed
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_1000358C GetSystemInfo,wsprintfA,4_2_1000358C
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                          Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData
                          Source: Amcache.hve.18.drBinary or memory string: VMware
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.18.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.18.drBinary or memory string: VMware, Inc.
                          Source: encvbk.exe, 0000000A.00000002.4116954819.000000000303A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
                          Source: Amcache.hve.18.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.18.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.18.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3346246364.000002A314C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.18.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: svchost.exe, 00000009.00000002.3346246364.000002A314C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
                          Source: Amcache.hve.18.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: svchost.exe, 00000009.00000002.3344318115.000002A30F62B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.18.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.18.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.18.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                          Source: Amcache.hve.18.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.18.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.18.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.18.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.18.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: Amcache.hve.18.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.18.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.18.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.18.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.18.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.18.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.18.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Windows\SysWOW64\encvbk.exeAPI call chain: ExitProcess graph end nodegraph_10-2037
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information queried: ProcessInformation
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD5E4F LdrResolveDelayLoadedAPI,10_2_00DD5E4F
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD25B2 GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,10_2_00DD25B2
                          Source: C:\Users\user\Desktop\._cache_blq.exeCode function: 1_2_00401B6B LoadLibraryA,GetProcAddress,__p__pgmptr,sprintf,GetCurrentProcess,SetPriorityClass,GetCurrentThread,SetThreadPriority,ShellExecuteA,1_2_00401B6B
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD3F6B mov esi, dword ptr fs:[00000030h]10_2_00DD3F6B
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_10003D5D FreeLibrary,free,VirtualFree,GetProcessHeap,HeapFree,4_2_10003D5D
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD6510 SetUnhandledExceptionFilter,10_2_00DD6510
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD61C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00DD61C0
                          Source: C:\Users\user\Desktop\blq.exeProcess created: C:\Users\user\Desktop\._cache_blq.exe "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Users\user\Desktop\blq.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Users\user\Desktop\blq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_1000304F wsprintfA,strlen,strlen,strlen,GetLocalTime,wsprintfA,strlen,4_2_1000304F
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_1000336E ServiceMain,strncpy,wcstombs,RegisterServiceCtrlHandlerA,FreeConsole,GetVersionExA,MainThread,GetCurrentDirectoryA,lstrcatA,lstrcatA,lstrcatA,GetSystemDirectoryA,lstrcatA,CopyFileA,GetFileAttributesA,GetLastError,wsprintfA,GetModuleFileNameA,wsprintfA,Sleep,GetExitCodeProcess,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,4_2_1000336E
                          Source: Amcache.hve.18.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.18.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.18.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: ._cache_blq.exeBinary or memory string: 360tray.exe
                          Source: Amcache.hve.18.drBinary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

                          Source: Yara match, File source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: svchost.exe PID: 7664, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: encvbk.exe PID: 8056, type: MEMORYSTR
                          Source: Yara match, File source: C:\Program Files (x86)\6795234.dll, type: DROPPED
                          Source: Yara match, File source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED
                          Source: Yara match, File source: blq.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: blq.exe PID: 7560, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match, File source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: svchost.exe PID: 7664, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: encvbk.exe PID: 8056, type: MEMORYSTR
                          Source: Yara match, File source: C:\Program Files (x86)\6795234.dll, type: DROPPED
                          Source: Yara match, File source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED
                          Source: Yara match, File source: blq.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: blq.exe PID: 7560, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED
                          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
                          Resource Development: 41 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
                          Initial Access: 1 Valid Accounts; 1 Replication Through Removable Media; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
                          Execution: 11 Native API; 2 Command and Scripting Interpreter; 12 Service Execution; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
                          Persistence: 41 Scripting; 1 DLL Side-Loading; 1 Valid Accounts; 22 Windows Service; 1 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
                          Privilege Escalation: 1 DLL Side-Loading; 1 Valid Accounts; 1 Access Token Manipulation; 22 Windows Service; 12 Process Injection; 1 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At; Cron; Launchd
                          Defense Evasion: 1 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 1 File Deletion; 142 Masquerading; 1 Valid Accounts; 1 Access Token Manipulation; 31 Virtualization/Sandbox Evasion; 12 Process Injection; 1 Indicator Removal; Stripped Payloads
                          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
                          Discovery: 1 System Time Discovery; 1 Peripheral Device Discovery; 3 File and Directory Discovery; 35 System Information Discovery; 1 Query Registry; 151 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 12 Process Discovery; 11 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
                          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
                          Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
                          Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 34 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
                          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
                          Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
                          [Behavior Graph ID: 1580529, Sample: blq.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 100]
